It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
Ubuntu Security Notice 1484-1 - It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.
Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
Ubuntu Security Notice 1483-2 - USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Various other issues were also addressed.
Ubuntu Security Notice 1483-1 - It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.
Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.
Debian Linux Security Advisory 2498-1 - It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and could potentially allow remote code execution through properly designed malicious DHCP packets.
Debian Linux Security Advisory 2502-1 - It was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure, insufficient prime numbers in key generation, which led to a weakened signature or public key space, allowing easier brute force attacks on such keys.
Ubuntu Security Notice 1463-4 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. Various other issues have also been addressed.
Debian Linux Security Advisory 2497-1 - It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
Ubuntu Security Notice 1482-2 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.
Ubuntu Security Notice 1481-1 - It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. Various other issues were also addressed.
Ubuntu Security Notice 1482-1 - It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.
Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
Red Hat Security Advisory 2012-0730-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
Red Hat Security Advisory 2012-0729-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
Ubuntu Security Notice 1467-1 - It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have been updated to MySQL 5.1.63. A patch to fix the issue was backported to the version of MySQL in Ubuntu 8.04 LTS. Various other issues were also addressed.
Debian Linux Security Advisory 2487-1 - It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
Ubuntu Security Notice 1466-1 - It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. 'TCP') in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.
Ubuntu Security Notice 1465-3 - USN-1465-1 fixed vulnerabilities in Ubuntu One Client. The update failed to install on certain Ubuntu 10.04 LTS systems that had a legacy Python 2.5 package installed. This update fixes the problem. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.
Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
Ubuntu Security Notice 1464-1 - It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.