Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 68   Next >
Show: All  

USN-2985-2: GNU C Library regression - 26th May 2016

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. We ...

LP: 1585614

USN-2985-1: GNU C Library vulnerabilities - 25th May 2016

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856) Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did ...

CVE-2013-2207 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-5277 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-2856 CVE-2016-3075

USN-2950-5: Samba regression - 25th May 2016

USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a ...

LP: 1578576

USN-2984-1: PHP vulnerabilities - 24th May 2016

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP ...

CVE-2015-8865 CVE-2016-3078 CVE-2016-3132 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544

USN-2936-3: Firefox regression - 18th May 2016

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, ...

LP: 1583389

USN-2973-1: Thunderbird vulnerabilities - 18th May 2016

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered ...

CVE-2016-1938 CVE-2016-1978 CVE-2016-1979 CVE-2016-2805 CVE-2016-2807

USN-2960-1: Oxide vulnerabilities - 18th May 2016

An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame ...

CVE-2016-1660 CVE-2016-1661 CVE-2016-1663 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670

USN-2950-4: Samba regressions - 18th May 2016

USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the "client ipc signing" parameter to "auto". We apologize for the inconvenience. Original advisory details: Jouni Knuutinen ...

LP: 1574403 LP: 1576109

USN-2983-1: Expat vulnerability - 18th May 2016

Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)

CVE-2016-0718

USN-2982-1: Libksba vulnerabilities - 17th May 2016

Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubunt 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain ...

CVE-2016-4353 CVE-2016-4354 CVE-2016-4355 CVE-2016-4356 CVE-2016-4574 CVE-2016-4579

USN-2981-1: libarchive vulnerabilities - 17th May 2016

It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. ...

CVE-2016-1541

USN-2980-1: libndp vulnerability - 17th May 2016

Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a man in the middle.

CVE-2016-3698

USN-2979-4: Linux kernel (Qualcomm Snapdragon) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2979-3: Linux kernel (Raspberry Pi 2) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2979-2: Linux kernel (Xenial HWE) vulnerabilities - 16th May 2016

USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict ...

CVE-2016-0758 CVE-2016-3713

USN-2979-1: Linux kernel vulnerabilities - 16th May 2016

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive ...

CVE-2016-0758 CVE-2016-3713

USN-2978-3: Linux kernel (Raspberry Pi 2) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2978-2: Linux kernel (Wily HWE) vulnerabilities - 16th May 2016

USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory ...

CVE-2016-0758 CVE-2016-3713

USN-2978-1: Linux kernel vulnerabilities - 16th May 2016

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive ...

CVE-2016-0758 CVE-2016-3713

USN-2977-1: Linux kernel (Vivid HWE) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2976-1: Linux kernel (Utopic HWE) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2975-2: Linux kernel (Trusty HWE) vulnerability - 16th May 2016

USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags ...

CVE-2016-0758

USN-2975-1: Linux kernel vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)

CVE-2016-0758

USN-2974-1: QEMU vulnerabilities - 12th May 2016

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest ...

CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037

USN-2972-1: OpenJDK 6 vulnerabilities - 10th May 2016

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in the OpenJDK JRE related ...

CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427

USN-2971-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 9th May 2016

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel's list poison feature did ...

CVE-2015-7515 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2971-2: Linux kernel (Wily HWE) vulnerabilities - 9th May 2016

USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the ...

CVE-2015-7515 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2971-1: Linux kernel vulnerabilities - 9th May 2016

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel's list poison feature did ...

CVE-2015-7515 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2970-1: Linux kernel (Vivid HWE) vulnerabilities - 9th May 2016

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single ...

CVE-2015-7515 CVE-2015-8830 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2969-1: Linux kernel (Utopic HWE) vulnerabilities - 9th May 2016

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single ...

CVE-2015-7515 CVE-2015-8830 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3138 CVE-2016-3156 CVE-2016-3157

USN-2968-2: Linux kernel (Trusty HWE) vulnerabilities - 9th May 2016

USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity ...

CVE-2015-7515 CVE-2015-8830 CVE-2016-0774 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2968-1: Linux kernel vulnerabilities - 9th May 2016

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel's AIO interface allowed single ...

CVE-2015-7515 CVE-2015-8830 CVE-2016-0774 CVE-2016-0821 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3689

USN-2967-2: Linux kernel (OMAP4) vulnerabilities - 9th May 2016

It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly ...

CVE-2013-4312 CVE-2015-7515 CVE-2015-7566 CVE-2015-7833 CVE-2015-8767 CVE-2015-8812 CVE-2016-0723 CVE-2016-0774 CVE-2016-0821 CVE-2016-2069 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847

USN-2967-1: Linux kernel vulnerabilities - 9th May 2016

It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly ...

CVE-2013-4312 CVE-2015-7515 CVE-2015-7566 CVE-2015-7833 CVE-2015-8767 CVE-2015-8812 CVE-2016-0723 CVE-2016-0774 CVE-2016-0821 CVE-2016-2069 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847

USN-2966-1: OpenSSH vulnerabilities - 9th May 2016

Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. (CVE-2015-8325) Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting ...

CVE-2015-8325 CVE-2016-1907 CVE-2016-1908 CVE-2016-3115

USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability - 6th May 2016

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did ...

CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557

USN-2965-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 6th May 2016

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel ...

CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557

USN-2965-2: Linux kernel (Xenial HWE) vulnerabilities - 6th May 2016

USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly ...

CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557

USN-2965-1: Linux kernel vulnerabilities - 6th May 2016

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel ...

CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4557

USN-2964-1: OpenJDK 7 vulnerabilities - 4th May 2016

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in the OpenJDK JRE related ...

CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427

USN-2963-1: OpenJDK 8 vulnerabilities - 4th May 2016

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) Multiple vulnerabilities were discovered in the OpenJDK JRE related ...

CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427

USN-2961-1: Little CMS vulnerability - 4th May 2016

It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code.

CVE-2013-7455

USN-2950-3: Samba regressions - 4th May 2016

USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 ...

LP: 1577739

USN-2950-2: libsoup update - 4th May 2016

USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue ...

LP: 1573494

USN-2959-1: OpenSSL vulnerabilities - 3rd May 2016

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when ...

CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109

USN-2936-2: Oxygen-GTK3 update - 2nd May 2016

USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to crash on startup with the Oxygen GTK theme due to a pre-existing bug in the Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse ...

LP: 1575781

USN-2957-2: Libtasn1 vulnerability - 2nd May 2016

USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in ...

CVE-2016-4008

USN-2958-1: poppler vulnerabilities - 2nd May 2016

It was discovered that the poppler pdfseparate tool incorrectly handled certain filenames. A local attacker could use this issue to cause the tool to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473, CVE-2013-4474) It was discovered that ...

CVE-2013-4473 CVE-2013-4474 CVE-2015-8868

USN-2957-1: Libtasn1 vulnerability - 2nd May 2016

Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service.

CVE-2016-4008

USN-2956-1: ubuntu-core-launcher vulnerability - 29th April 2016

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mount point of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap ...

CVE-2016-1580

Showing page 1 of 68   Next >
Show: All