Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Show: All  

USN-2168-1: Python Imaging Library vulnerabilities - 15th April 2014

Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents. (CVE-2014-1932, CVE-2014-1933)

CVE-2014-1932 CVE-2014-1933

USN-2167-1: curl vulnerabilities - 14th April 2014

Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. (CVE-2014-0138) Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP addresses. An attacker could possibly ...

CVE-2014-0138 CVE-2014-0139

USN-2166-1: Net-SNMP vulnerabilities - 14th April 2014

Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. (CVE-2012-6151) It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to ...

CVE-2012-6151 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310

USN-2124-2: OpenJDK 6 regression - 7th April 2014

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and ...

LP: 1295987

USN-2165-1: OpenSSL vulnerabilities - 7th April 2014

Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160) Yuval Yarom and Naomi Benger ...

CVE-2014-0076 CVE-2014-0160

USN-2164-1: OpenSSH vulnerability - 7th April 2014

Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.

CVE-2014-2653

USN-2163-1: PHP vulnerability - 7th April 2014

It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

CVE-2014-2270

USN-2162-1: file vulnerability - 7th April 2014

It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.

CVE-2014-2270

USN-2161-1: libyaml-libyaml-perl vulnerabilities - 3rd April 2014

Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6393) Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this ...

CVE-2013-6393 CVE-2014-2525

USN-2160-1: LibYAML vulnerability - 3rd April 2014

Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-2525

USN-2159-1: NSS vulnerability - 2nd April 2014

It was discovered that NSS incorrectly handled wildcard certificates when used with internationalized domain names. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

CVE-2014-1492

USN-2158-1: Linux kernel (Raring HWE) vulnerabilities - 1st April 2014

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local ...

CVE-2013-4345 CVE-2013-6382 CVE-2014-1690

USN-2157-1: ClamAV update - 27th March 2014

This updates ClamAV to a new major version in order to gain new detection technologies and maintain proper compatibility with the virus signature database.

LP: 1296856

USN-2156-1: Samba vulnerability - 26th March 2014

Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.

CVE-2013-4496

USN-2155-1: OpenSSH vulnerability - 25th March 2014

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions.

CVE-2014-2532

USN-2154-1: ca-certificates update - 24th March 2014

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20130906 package.

LP: 1257265

USN-2153-1: initramfs-tools vulnerability - 24th March 2014

Kees Cook discovered that initramfs-tools incorrectly mounted /run without the noexec option, contrary to expected behaviour.

LP: 1152744

USN-2152-1: Apache HTTP Server vulnerabilities - 24th March 2014

Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-6438) Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. ...

CVE-2013-6438 CVE-2014-0098

USN-2151-1: Thunderbird vulnerabilities - 21st March 2014

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service ...

CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 LP: 1293851

USN-2150-1: Firefox vulnerabilities - 18th March 2014

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit ...

CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 LP: 1291982

USN-2149-2: GTK+ update - 17th March 2014

USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. Original advisory details: It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker ...

CVE-2013-1881

USN-2149-1: librsvg vulnerability - 17th March 2014

It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.

CVE-2013-1881

USN-2148-1: FreeType vulnerabilities - 17th March 2014

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2014-2240, CVE-2014-2241)

CVE-2014-2240 CVE-2014-2241

USN-2147-1: Mutt vulnerability - 13th March 2014

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in mutt while expanding addresses when parsing email headers. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking mutt.

CVE-2014-0467

USN-2146-1: Sudo vulnerabilities - 13th March 2014

Sebastien Macke discovered that Sudo incorrectly handled blacklisted environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using blacklisted environment variables. In a default Ubuntu installation, the env_reset option is enabled by default. This issue only affected Ubuntu ...

CVE-2014-0106 LP: 1223297

USN-2145-1: libssh vulnerability - 12th March 2014

Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks.

CVE-2014-0017

USN-2144-1: CUPS vulnerabilities - 12th March 2014

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. (CVE-2013-6474, CVE-2013-6475) Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict ...

CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

USN-2143-1: cups-filters vulnerabilities - 12th March 2014

Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. This issue only affected Ubuntu 13.10. (CVE-2013-6473) Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An ...

CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476

USN-2142-1: UDisks vulnerability - 10th March 2014

Florian Weimer discovered that UDisks incorrectly handled certain long path names. A local attacker could use this issue to cause udisks to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

CVE-2014-0004

USN-2141-1: Linux kernel (OMAP4) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2140-1: Linux kernel vulnerabilities - 7th March 2014

An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690) Matthew Thode ...

CVE-2014-1690 CVE-2014-1874 CVE-2014-2038

USN-2139-1: Linux kernel (OMAP4) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2138-1: Linux kernel vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities - 7th March 2014

An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690) Matthew Thode ...

CVE-2014-1690 CVE-2014-1874 CVE-2014-2038

USN-2136-1: Linux kernel (Raring HWE) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6380 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2135-1: Linux kernel (Quantal HWE) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2134-1: Linux kernel (OMAP4) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization ...

CVE-2013-4579 CVE-2013-6368 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2133-1: Linux kernel vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization ...

CVE-2013-4579 CVE-2013-6368 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2132-1: ImageMagick vulnerabilities - 6th March 2014

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memory consumption, resulting in a denial of service. ...

CVE-2012-0260 CVE-2014-1958 CVE-2014-2030

USN-2131-1: IcedTea Web vulnerability - 6th March 2014

Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion. A local attacker could possibly use this issue to obtain or modify sensitive information from other local user sessions.

CVE-2013-6493

USN-2130-1: Tomcat vulnerabilities - 6th March 2014

It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. (CVE-2013-4286) It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat ...

CVE-2013-4286 CVE-2013-4322 CVE-2014-0033 CVE-2014-0050

USN-2129-1: Linux kernel (EC2) vulnerabilities - 5th March 2014

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. ...

CVE-2013-0160 CVE-2013-2929 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7027 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874

USN-2128-1: Linux kernel vulnerabilities - 5th March 2014

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. ...

CVE-2013-0160 CVE-2013-2929 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7027 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874

USN-2127-1: GnuTLS vulnerability - 4th March 2014

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.

CVE-2014-0092

USN-2126-1: PHP vulnerabilities - 3rd March 2014

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker ...

CVE-2013-7226 CVE-2013-7327 CVE-2013-7328 CVE-2014-1943 CVE-2014-2020

USN-2125-1: Python vulnerability - 3rd March 2014

Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.

CVE-2014-1912

USN-2124-1: OpenJDK 6 vulnerabilities - 27th February 2014

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to ...

CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 LP: 1283828

USN-2123-1: file vulnerabilities - 26th February 2014

It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-1571) Bernd Melchers discovered that file incorrectly handled indirect offset values. An ...

CVE-2012-1571 CVE-2014-1943

USN-2122-1: FreeRADIUS vulnerabilities - 26th February 2014

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. (CVE-2011-4966) Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of service, or possibly ...

CVE-2011-4966 CVE-2014-2015

USN-2121-1: GnuTLS vulnerability - 25th February 2014

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.

CVE-2014-1959

Show: All