Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 56   Next >
Show: All  

USN-2482-1: elfutils vulnerability - 22nd January 2015

Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.

CVE-2014-9447

USN-2481-1: Samba vulnerability - 22nd January 2015

Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further.

CVE-2014-8143

USN-2480-1: MySQL vulnerabilities - 22nd January 2015

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: ...

CVE-2014-6568 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0411 CVE-2015-0432

USN-2460-1: Thunderbird vulnerabilities - 19th January 2015

Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of ...

CVE-2014-8634 CVE-2014-8638 CVE-2014-8639

USN-2479-1: RPM vulnerabilities - 19th January 2015

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435) Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use ...

CVE-2013-6435 CVE-2014-8118

USN-2478-1: libssh vulnerability - 19th January 2015

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

CVE-2014-8132

USN-2477-1: libevent vulnerability - 19th January 2015

Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

CVE-2014-6272

USN-2475-1: GTK+ update - 15th January 2015

Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to gain access to a locked session.

LP: 1366790

USN-2474-1: curl vulnerability - 15th January 2015

Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests.

CVE-2014-8150

USN-2473-1: coreutils vulnerabilities - 14th January 2015

It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. (CVE-2009-4135) Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An ...

CVE-2009-4135 CVE-2014-9471

USN-2458-2: Ubufox update - 14th January 2015

USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially ...

USN-2458-1: Firefox vulnerabilities - 14th January 2015

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application ...

CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642

USN-2472-1: unzip vulnerabilities - 14th January 2015

Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

CVE-2014-8139 CVE-2014-8140 CVE-2014-8141

USN-2471-1: GParted vulnerability - 14th January 2015

Wolfgang Ettlinger discovered that GParted incorrectly filtered shell metacharacters when running external commands. A local attacker could use this issue with a crafted filesystem label to run arbitrary commands as the administrator.

CVE-2014-7208

USN-2470-1: Git vulnerability - 13th January 2015

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the ...

CVE-2014-9390

USN-2469-1: Django vulnerabilities - 13th January 2015

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. ...

CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222

USN-2468-1: Linux kernel vulnerabilities - 13th January 2015

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM ...

CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884

USN-2467-1: Linux kernel (Utopic HWE) vulnerabilities - 13th January 2015

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM ...

CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884

USN-2466-1: Linux kernel vulnerabilities - 13th January 2015

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM ...

CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884

USN-2465-1: Linux kernel (Trusty HWE) vulnerabilities - 13th January 2015

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM ...

CVE-2014-7841 CVE-2014-7842 CVE-2014-7843 CVE-2014-8884

USN-2464-1: Linux kernel (OMAP4) vulnerabilities - 13th January 2015

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 ...

CVE-2014-7842 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090 CVE-2014-9322

USN-2463-1: Linux kernel vulnerabilities - 13th January 2015

A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842) The KVM (kernel virtual machine) subsystem ...

CVE-2014-7842 CVE-2014-8369

USN-2462-1: Linux kernel vulnerabilities - 13th January 2015

Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars ...

CVE-2014-3610 CVE-2014-3611

USN-2461-2: libyaml-libyaml-perl vulnerability - 12th January 2015

Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

CVE-2014-9130

USN-2461-1: LibYAML vulnerability - 12th January 2015

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

CVE-2014-9130

USN-2461-3: PyYAML vulnerability - 12th January 2015

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

CVE-2014-9130

USN-2459-1: OpenSSL vulnerabilities - 12th January 2015

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A ...

CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206

USN-2456-1: GNU cpio vulnerabilities - 8th January 2015

Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU ...

CVE-2010-0624 CVE-2014-9112

USN-2455-1: bsd-mailx vulnerability - 7th January 2015

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with ...

CVE-2014-7844

USN-2454-1: Exiv2 vulnerability - 7th January 2015

It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service.

CVE-2014-9449

USN-2453-1: mime-support vulnerability - 7th January 2015

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

CVE-2014-7209

USN-2452-1: NSS vulnerability - 7th January 2015

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

CVE-2014-1569

USN-2451-1: cgmanager vulnerability - 5th January 2015

Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups.

CVE-2014-1425

USN-2450-1: strongSwan vulnerability - 5th January 2015

Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service.

CVE-2014-9221

USN-2449-1: NTP vulnerabilities - 22nd December 2014

Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to ...

CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296

USN-2447-2: Linux kernel (Utopic HWE) regression - 19th December 2014

USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discovered that could leak the high 16 ...

http://bugs.launchpad.net/bugs/1390604

USN-2448-2: Linux kernel regression - 19th December 2014

USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discovered that could leak the high 16 ...

http://bugs.launchpad.net/bugs/1390604

USN-2448-1: Linux kernel vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-7970 CVE-2014-8086 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090

USN-2447-1: Linux kernel (Utopic HWE) vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-7970 CVE-2014-8086 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090

USN-2446-1: Linux kernel vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090

USN-2445-1: Linux kernel (Trusty HWE) vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-7826 CVE-2014-8134 CVE-2014-8369 CVE-2014-9090

USN-2444-1: Linux kernel (OMAP4) vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-7825 CVE-2014-7826 CVE-2014-7841 CVE-2014-8134 CVE-2014-8884 CVE-2014-9090

USN-2443-1: Linux kernel vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-7825 CVE-2014-7826 CVE-2014-7841 CVE-2014-8134 CVE-2014-8884 CVE-2014-9090

USN-2442-1: Linux kernel (EC2) vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7841 CVE-2014-8134 CVE-2014-8709 CVE-2014-8884 CVE-2014-9090

USN-2441-1: Linux kernel vulnerabilities - 12th December 2014

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in ...

CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7841 CVE-2014-8134 CVE-2014-8709 CVE-2014-8884 CVE-2014-9090

USN-2440-1: Mutt vulnerability - 11th December 2014

Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.

CVE-2014-9116

USN-2439-1: QEMU vulnerabilities - 11th December 2014

Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840) ...

CVE-2014-7840 CVE-2014-8106

USN-2438-1: NVIDIA graphics drivers vulnerabilities - 10th December 2014

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

CVE-2014-8091 CVE-2014-8098 CVE-2014-8298

USN-2436-2: X.Org X server vulnerabilities - 9th December 2014

USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory details: Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X ...

LP: 1400942

USN-2437-1: Bind vulnerability - 9th December 2014

Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.

CVE-2014-8500

Showing page 1 of 56   Next >
Show: All