Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 59   Next >
Show: All  

USN-2621-1: PostgreSQL vulnerabilities - 25th May 2015

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values, possibly leading to security issues. (CVE-2015-3166) ...

CVE-2015-3165 CVE-2015-3166 CVE-2015-3167

USN-2620-1: Linux kernel vulnerability - 23rd May 2015

A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

CVE-2015-3332

USN-2619-1: Linux kernel (Trusty HWE) vulnerability - 23rd May 2015

A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).

CVE-2015-3332

USN-2617-2: NTFS-3G vulnerability - 22nd May 2015

USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Original advisory details: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.

CVE-2015-3202

USN-2618-1: python-dbusmock vulnerability - 21st May 2015

It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.

CVE-2015-1326

USN-2609-1: Apport vulnerabilities - 21st May 2015

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324) Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect permissions in ...

CVE-2015-1324 CVE-2015-1325

USN-2617-1: FUSE vulnerability - 21st May 2015

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.

CVE-2015-3202

USN-2610-1: Oxide vulnerabilities - 21st May 2015

Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254) A use-after-free was discovered in the WebAudio implementation in Chromium. If a user ...

CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1260 CVE-2015-1262 CVE-2015-1265 CVE-2015-3910

USN-2616-1: Linux kernel vulnerabilities - 20th May 2015

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A ...

CVE-2014-9710 CVE-2015-3331 CVE-2015-3332

USN-2615-1: Linux kernel (Utopic HWE) vulnerabilities - 20th May 2015

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A ...

CVE-2014-9710 CVE-2015-3331 CVE-2015-3332

USN-2614-1: Linux kernel vulnerabilities - 20th May 2015

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715) Jan Beulich discovered the Xen virtual machine subsystem ...

CVE-2014-9715 CVE-2015-2150 CVE-2015-2830 CVE-2015-3331

USN-2613-1: Linux kernel (Trusty HWE) vulnerabilities - 20th May 2015

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715) Jan Beulich discovered the Xen virtual machine subsystem ...

CVE-2014-9715 CVE-2015-2150 CVE-2015-2830 CVE-2015-3331

USN-2612-1: Linux kernel (OMAP4) vulnerabilities - 20th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. (CVE-2015-3339) Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker ...

CVE-2014-9715 CVE-2015-3339

USN-2611-1: Linux kernel vulnerability - 20th May 2015

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system).

CVE-2014-9715

USN-2603-1: Thunderbird vulnerabilities - 18th May 2015

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code ...

CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716

USN-2602-1: Firefox vulnerabilities - 13th May 2015

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service ...

CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718

USN-2608-1: QEMU vulnerabilities - 13th May 2015

Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when ...

CVE-2015-1779 CVE-2015-2756 CVE-2015-3456

USN-2607-1: Module::Signature vulnerabilities - 12th May 2015

John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. (CVE-2015-3406) John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. ...

CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409

USN-2606-1: OpenSSL update - 12th May 2015

For compatibility reasons, Ubuntu 12.04 LTS shipped OpenSSL with TLSv1.2 disabled when being used as a client. This update re-enables TLSv1.2 by default now that the majority of problematic sites have been updated to fix compatibility issues. For problematic environments, TLSv1.2 can be disabled again by setting the OPENSSL_NO_CLIENT_TLS1_2 environment ...

LP: 1442970

USN-2605-1: ICU vulnerabilities - 11th May 2015

Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

CVE-2014-8146 CVE-2014-8147

USN-2604-1: Libtasn1 vulnerability - 11th May 2015

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-3622

USN-2600-2: Linux kernel regression - 8th May 2015

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2599-2: Linux kernel (Utopic HWE) vulnerability - 8th May 2015

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2598-2: Linux kernel regression - 8th May 2015

USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2597-2: Linux kernel (Trusty HWE) regression - 8th May 2015

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

https://launchpad.net/bugs/XXXXXX

USN-2582-1: Oxide vulnerabilities - 6th May 2015

A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1243) ...

CVE-2015-1243 CVE-2015-1250

USN-2601-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2600-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2599-1: Linux kernel (Utopic HWE) vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2598-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2597-1: Linux kernel (Trusty HWE) vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2596-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2595-1: ppp vulnerability - 5th May 2015

It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service.

CVE-2015-3310

USN-2594-1: ClamAV vulnerabilities - 5th May 2015

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668

USN-2593-1: Dnsmasq vulnerability - 4th May 2015

Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

CVE-2015-3294

USN-2592-1: XML::LibXML vulnerability - 4th May 2015

Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

CVE-2015-3451

USN-2591-1: curl vulnerabilities - 30th April 2015

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly ...

CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153

USN-2590-1: Linux kernel vulnerabilities - 30th April 2015

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the ...

CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 CVE-2015-2922

USN-2589-1: Linux kernel (Utopic HWE) vulnerabilities - 30th April 2015

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the ...

CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 CVE-2015-2922

USN-2588-1: Linux kernel vulnerabilities - 30th April 2015

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel's IPv6 networking stack has ...

CVE-2015-2666 CVE-2015-2922

USN-2587-1: Linux kernel (Trusty HWE) vulnerabilities - 30th April 2015

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel's IPv6 networking stack has ...

CVE-2015-2666 CVE-2015-2922

USN-2586-1: Linux kernel (OMAP4) vulnerability - 30th April 2015

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

CVE-2015-2922

USN-2585-1: Linux kernel vulnerability - 30th April 2015

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

CVE-2015-2922

USN-2584-1: Linux kernel (EC2) vulnerability - 30th April 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2583-1: Linux kernel vulnerability - 30th April 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2581-1: NetworkManager vulnerability - 28th April 2015

Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.

CVE-2015-1322

USN-2570-1: Oxide vulnerabilities - 27th April 2015

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked ...

CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1246 CVE-2015-1249 CVE-2015-1321 CVE-2015-3333

USN-2580-1: tcpdump vulnerabilities - 27th April 2015

It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155

USN-2579-1: autofs vulnerability - 27th April 2015

It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program maps will need to adapt to ...

CVE-2014-8169

USN-2578-1: LibreOffice vulnerabilities - 27th April 2015

Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2014-9093) It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were ...

CVE-2014-9093 CVE-2015-1774

Showing page 1 of 59   Next >
Show: All