Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Show: All  

USN-2325-1: OpenStack Nova vulnerability - 21st August 2014

Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.

CVE-2014-3517

USN-2324-1: OpenStack Keystone vulnerabilities - 21st August 2014

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles. (CVE-2014-3476) Jamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be ...

CVE-2014-3476 CVE-2014-3520 CVE-2014-5251 CVE-2014-5252 CVE-2014-5253

USN-2323-1: OpenStack Horizon vulnerabilities - 21st August 2014

Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted ...

CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-3594

USN-2322-1: OpenStack Glance vulnerability - 21st August 2014

Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption.

CVE-2014-5356

USN-2321-1: OpenStack Neutron vulnerabilities - 21st August 2014

Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. (CVE-2014-3555) Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this ...

CVE-2014-3555 CVE-2014-4615

USN-2311-2: OpenStack Ceilometer vulnerability - 21st August 2014

USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.

CVE-2014-4615

USN-2320-1: Oxide vulnerabilities - 20th August 2014

A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-3165) An issue was discovered in the Public Key Pinning implementation in Chromium. ...

CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 LP: 1356372

USN-2319-1: OpenJDK 7 vulnerabilities - 19th August 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4223, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to ...

CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268

USN-2232-4: OpenSSL regression - 18th August 2014

USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue ...

LP: 1356843

USN-2318-1: Linux kernel vulnerabilities - 18th August 2014

Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. (CVE-2014-5207) Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. ...

CVE-2014-5206 CVE-2014-5207

USN-2317-1: Linux kernel (Trusty HWE) vulnerabilities - 18th August 2014

Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. (CVE-2014-5207) Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. ...

CVE-2014-5206 CVE-2014-5207

USN-2316-1: Subversion vulnerabilities - 14th August 2014

Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032) Ben Reser discovered that Subversion did ...

CVE-2014-0032 CVE-2014-3522 CVE-2014-3528

USN-2315-1: serf vulnerability - 14th August 2014

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

CVE-2014-3504

USN-2314-1: Linux kernel vulnerability - 13th August 2014

An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

CVE-2014-3917

USN-2313-1: Linux kernel (Trusty HWE) vulnerability - 13th August 2014

An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

CVE-2014-3917

USN-2312-1: OpenJDK 6 vulnerabilities - 12th August 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-2490, CVE-2014-4216, CVE-2014-4219, CVE-2014-4262) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure ...

CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268

USN-2311-1: pyCADF vulnerability - 11th August 2014

Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.

CVE-2014-4615

USN-2310-1: Kerberos vulnerabilities - 11th August 2014

It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ ...

CVE-2012-1016 CVE-2013-1415 CVE-2013-1416 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345

USN-2309-1: Libav vulnerabilities - 11th August 2014

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

LP: 1354755

USN-2308-1: OpenSSL vulnerabilities - 7th August 2014

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505) Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use ...

CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139

USN-2307-1: GPGME vulnerability - 6th August 2014

Tomáš Trnka discovered that GPGME incorrectly handled certain certificate line lengths. An attacker could use this issue to cause applications using GPGME to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-3564

USN-2306-2: GNU C Library regression - 5th August 2014

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually ...

LP: 1352504

USN-2306-1: GNU C Library vulnerabilities - 4th August 2014

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use ...

CVE-2013-4357 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043

USN-2305-1: Samba vulnerability - 1st August 2014

Volker Lendecke discovered that the Samba NetBIOS name service daemon incorrectly handled certain memory operations. A remote attacker could use this issue to execute arbitrary code as the root user.

CVE-2014-3560

USN-2304-1: KDE-Libs vulnerability - 31st July 2014

It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

CVE-2014-5033

USN-2303-1: Unity vulnerability - 31st July 2014

It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.

LP: 1349128

USN-2302-1: Tomcat vulnerabilities - 30th July 2014

David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. (CVE-2014-0075) It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could ...

CVE-2014-0075 CVE-2014-0096 CVE-2014-0099

USN-2301-1: Jinja2 vulnerabilities - 24th July 2014

It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.

CVE-2014-0012 CVE-2014-1402

USN-2300-1: LZO vulnerability - 24th July 2014

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-4607

USN-2298-1: Oxide vulnerabilities - 23rd July 2014

A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730) A type ...

CVE-2014-1730 CVE-2014-1731 CVE-2014-1735 CVE-2014-1740 CVE-2014-1741 CVE-2014-1742 CVE-2014-1743 CVE-2014-1744 CVE-2014-1746 CVE-2014-1748 CVE-2014-3152 CVE-2014-3154 CVE-2014-3155 CVE-2014-3157 CVE-2014-3160 CVE-2014-3162 CVE-2014-3803 LP: 1337301

USN-2299-1: Apache HTTP Server vulnerabilities - 23rd July 2014

Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly ...

CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231

USN-2296-1: Thunderbird vulnerabilities - 22nd July 2014

Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the ...

CVE-2014-1544 CVE-2014-1547 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 LP: 1346007

USN-2295-1: Firefox vulnerabilities - 22nd July 2014

Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve Fink, Terrence Cole, Gijs Kruitbosch and Cătălin Badea discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker ...

CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 LP: 1342311

USN-2297-1: acpi-support vulnerability - 22nd July 2014

CESG discovered that acpi-support incorrectly handled certain privileged operations when checking for power management daemons. A local attacker could use this flaw to execute arbitrary code and elevate privileges to root.

CVE-2014-1419

USN-2294-1: Libtasn1 vulnerabilities - 22nd July 2014

It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. (CVE-2014-3467) It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this ...

CVE-2014-3467 CVE-2014-3468 CVE-2014-3469

USN-2293-1: CUPS vulnerability - 21st July 2014

Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

CVE-2014-3537

USN-2292-1: LWP::Protocol::https vulnerability - 17th July 2014

It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in ...

CVE-2014-3230

USN-2291-1: MySQL vulnerabilities - 17th July 2014

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: ...

CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260

USN-2290-1: Linux kernel vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could ...

CVE-2014-1739 CVE-2014-3144 CVE-2014-3145 CVE-2014-3940 CVE-2014-4608 CVE-2014-4611 CVE-2014-4943

USN-2289-1: Linux kernel vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the ...

CVE-2014-0131 CVE-2014-3917 CVE-2014-4014 CVE-2014-4608 CVE-2014-4611 CVE-2014-4943

USN-2288-1: Linux kernel (Trusty HWE) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could ...

CVE-2014-1739 CVE-2014-3144 CVE-2014-3145 CVE-2014-3940 CVE-2014-4608 CVE-2014-4611 CVE-2014-4943

USN-2287-1: Linux kernel (Saucy HWE) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the ...

CVE-2014-0131 CVE-2014-3917 CVE-2014-4014 CVE-2014-4608 CVE-2014-4611 CVE-2014-4943

USN-2286-1: Linux kernel (Raring HWE) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the ...

CVE-2014-0131 CVE-2014-1739 CVE-2014-3144 CVE-2014-3145 CVE-2014-3917 CVE-2014-4014 CVE-2014-4608 CVE-2014-4943

USN-2285-1: Linux kernel (Quantal HWE) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the ...

CVE-2014-0131 CVE-2014-1739 CVE-2014-3917 CVE-2014-4014 CVE-2014-4027 CVE-2014-4608 CVE-2014-4943

USN-2284-1: Linux kernel (OMAP4) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could ...

CVE-2014-0131 CVE-2014-4608 CVE-2014-4699 CVE-2014-4943

USN-2283-1: Linux kernel vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the ...

CVE-2014-0131 CVE-2014-4608 CVE-2014-4943

USN-2282-1: Linux kernel vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker ...

CVE-2014-3917 CVE-2014-4608 CVE-2014-4943

USN-2281-1: Linux kernel (EC2) vulnerabilities - 16th July 2014

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker ...

CVE-2014-3917 CVE-2014-4608 CVE-2014-4943

USN-2280-1: MiniUPnPc vulnerability - 16th July 2014

It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.

CVE-2014-3985

USN-2279-1: Transmission vulnerability - 16th July 2014

Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

CVE-2014-4909

Show: All