Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 60   Next >
Show: All  

USN-2693-1: Bind vulnerabilities - 28th July 2015

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. (CVE-2015-5477) Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use ...

CVE-2012-5689 CVE-2015-5477

USN-2692-1: QEMU vulnerabilities - 28th July 2015

Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with ...

CVE-2015-3214 CVE-2015-5154 CVE-2015-5158

USN-2691-1: Linux kernel vulnerabilities - 28th July 2015

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's ...

CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

USN-2690-1: Linux kernel (Vivid HWE) vulnerabilities - 28th July 2015

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's ...

CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

USN-2689-1: Linux kernel (Utopic HWE) vulnerabilities - 28th July 2015

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's ...

CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

USN-2688-1: Linux kernel vulnerabilities - 28th July 2015

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's ...

CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

USN-2687-1: Linux kernel (Trusty HWE) vulnerabilities - 28th July 2015

Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's ...

CVE-2015-1333 CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

USN-2686-1: Apache HTTP Server vulnerabilities - 27th July 2015

It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass ...

CVE-2015-3183 CVE-2015-3185

USN-2684-1: Linux kernel vulnerabilities - 23rd July 2015

A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this ...

CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

USN-2683-1: Linux kernel (Vivid HWE) vulnerabilities - 23rd July 2015

A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this ...

CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

USN-2682-1: Linux kernel (Utopic HWE) vulnerabilities - 23rd July 2015

A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw ...

CVE-2015-4692 CVE-2015-5364 CVE-2015-5366

USN-2681-1: Linux kernel vulnerabilities - 23rd July 2015

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) ...

CVE-2015-1805 CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

USN-2680-1: Linux kernel (Trusty HWE) vulnerabilities - 23rd July 2015

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) ...

CVE-2015-1805 CVE-2015-4692 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

USN-2679-1: Linux kernel (OMAP4) vulnerabilities - 23rd July 2015

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel's ...

CVE-2015-1805 CVE-2015-4700

USN-2678-1: Linux kernel vulnerabilities - 23rd July 2015

A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) Daniel Borkmann reported a kernel crash in the Linux kernel's ...

CVE-2015-1805 CVE-2015-4700

USN-2676-1: NBD vulnerabilities - 22nd July 2015

It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410) Tuomas Räsänen discovered that NBD incorrectly handled wrong export names and closed ...

CVE-2013-6410 CVE-2013-7441 CVE-2015-0847

USN-2675-1: LXC vulnerabilities - 22nd July 2015

Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux ...

CVE-2015-1331 CVE-2015-1334

USN-2674-1: MySQL vulnerabilities - 21st July 2015

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated ...

CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772

USN-2673-1: Thunderbird vulnerabilities - 20th July 2015

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight ...

CVE-2015-2721 CVE-2015-2724 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-4000

USN-2656-2: Firefox vulnerabilities - 15th July 2015

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Original advisory details: Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, ...

CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000

USN-2656-1: Firefox vulnerabilities - 9th July 2015

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest ...

CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000

USN-2672-1: NSS vulnerabilities - 9th July 2015

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve ...

CVE-2015-2721 CVE-2015-2730

USN-2671-1: Django vulnerabilities - 9th July 2015

Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143) Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header ...

CVE-2015-5143 CVE-2015-5144

USN-2670-1: libwmf vulnerabilities - 8th July 2015

Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696

USN-2669-1: Bind vulnerability - 7th July 2015

Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

CVE-2015-4620

USN-2668-1: HAProxy vulnerability - 7th July 2015

It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.

CVE-2015-3281

USN-2667-1: Linux kernel vulnerabilities - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw ...

CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003

USN-2666-1: Linux kernel vulnerabilities - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw ...

CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167 CVE-2015-4700

USN-2665-1: Linux kernel (Vivid HWE) vulnerabilities - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw ...

CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003

USN-2664-1: Linux kernel (Utopic HWE) vulnerabilities - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel's Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw ...

CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167 CVE-2015-4700

USN-2663-1: Linux kernel vulnerabilities - 7th July 2015

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this ...

CVE-2014-9710 CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167

USN-2662-1: Linux kernel (Trusty HWE) vulnerabilities - 7th July 2015

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this ...

CVE-2014-9710 CVE-2015-1420 CVE-2015-4001 CVE-2015-4002 CVE-2015-4003 CVE-2015-4167

USN-2661-1: Linux kernel (OMAP4) vulnerability - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations.

CVE-2015-1420

USN-2660-1: Linux kernel vulnerability - 7th July 2015

A race condition was discovered in the Linux kernel's file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations.

CVE-2015-1420

USN-2658-1: PHP vulnerabilities - 6th July 2015

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled ...

CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 CVE-2015-4643 CVE-2015-4644

USN-2659-1: cups-filters vulnerabilities - 6th July 2015

Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279)

CVE-2015-3258 CVE-2015-3279

USN-2652-1: Oxide vulnerabilities - 30th June 2015

It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink ...

CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269

USN-2657-1: unattended-upgrades vulnerability - 29th June 2015

It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

CVE-2015-1330

USN-2655-1: Tomcat vulnerabilities - 25th June 2015

It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses occurring ...

CVE-2014-0227 CVE-2014-0230 CVE-2014-7810

USN-2654-1: Tomcat vulnerabilities - 25th June 2015

It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119) It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker ...

CVE-2014-0119 CVE-2014-0227 CVE-2014-0230 CVE-2014-7810

USN-2653-1: Python vulnerabilities - 25th June 2015

It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed ...

CVE-2013-1752 CVE-2013-1753 CVE-2014-4616 CVE-2014-4650 CVE-2014-7185

USN-2651-1: GNU patch vulnerabilities - 22nd June 2015

Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651) László Böszörményi discovered that GNU ...

CVE-2010-4651 CVE-2014-9637 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396

USN-2646-2: Linux kernel regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2644-2: Linux kernel (Utopic HWE) regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2643-2: Linux kernel regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2642-2: Linux kernel (Trusty HWE) regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2641-2: Linux kernel (OMAP4) regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2640-2: Linux kernel regression - 21st June 2015

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside ...

http://bugs.launchpad.net/bugs/1465998

USN-2650-1: wpa_supplicant and hostapd vulnerabilities - 16th June 2015

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146

USN-2649-1: devscripts vulnerability - 16th June 2015

It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.

CVE-2014-1833

Showing page 1 of 60   Next >
Show: All