Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 2 of 70   Next >
Show: All  

USN-3031-1: Pidgin vulnerabilities - 12th July 2016

Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323

USN-3030-1: GD library vulnerabilities - 11th July 2016

It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a ...

CVE-2013-7456 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6161

USN-3029-1: NSS vulnerability - 11th July 2016

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. ...

CVE-2016-2834

USN-3028-1: NSPR vulnerability - 11th July 2016

It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-1951

USN-3027-1: Tomcat vulnerability - 6th July 2016

It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service.

CVE-2016-3092

USN-3026-2: libusbmuxd vulnerability - 5th July 2016

It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

CVE-2016-5104

USN-3026-1: libimobiledevice vulnerability - 5th July 2016

It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

CVE-2016-5104

USN-3025-1: GIMP vulnerability - 5th July 2016

It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

CVE-2016-4994

USN-3024-1: Tomcat vulnerabilities - 5th July 2016

It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered ...

CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092

USN-3015-1: Oxide vulnerabilities - 30th June 2016

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1704)

CVE-2016-1704

USN-3022-1: LibreOffice vulnerability - 29th June 2016

It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

CVE-2016-4324

USN-3021-2: Linux kernel (OMAP4) vulnerabilities - 27th June 2016

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered ...

CVE-2016-3951 CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913

USN-3021-1: Linux kernel vulnerabilities - 27th June 2016

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered ...

CVE-2016-3951 CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913

USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities - 27th June 2016

USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3018-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities - 27th June 2016

USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities - 27th June 2016

USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3014-1: Spice vulnerabilities - 21st June 2016

Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that ...

CVE-2016-0749 CVE-2016-2150

USN-3013-1: XML-RPC for C and C++ vulnerabilities - 20th June 2016

It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote ...

CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300

USN-3010-1: Expat vulnerabilities - 20th June 2016

It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300)

CVE-2012-6702 CVE-2016-5300

USN-3012-1: Wget vulnerability - 20th June 2016

Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

CVE-2016-4971

USN-3011-1: HAProxy vulnerability - 20th June 2016

Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service.

CVE-2016-5360

USN-3009-1: Dnsmasq vulnerability - 20th June 2016

Edwin Török discovered that Dnsmasq incorrectly handled certain CNAME responses. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service.

CVE-2015-8899

USN-3008-1: Linux kernel (Qualcomm Snapdragon) vulnerability - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-1583

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3006-1: Linux kernel vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3003-1: Linux kernel vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3136 CVE-2016-3137 CVE-2016-3140 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

USN-2999-1: Linux kernel vulnerability - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-1583

USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

USN-2997-1: Linux kernel (OMAP4) vulnerabilities - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ...

CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486

USN-2996-1: Linux kernel vulnerabilities - 9th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ...

CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486

USN-2995-1: Squid vulnerabilities - 9th June 2016

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid ...

CVE-2016-3947 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556

USN-2993-1: Firefox vulnerabilities - 9th June 2016

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an ...

CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834

USN-2994-1: libxml2 vulnerabilities - 6th June 2016

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled ...

CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483

USN-2992-1: Oxide vulnerabilities - 6th June 2016

An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. If a user were tricked in to ...

CVE-2016-1673 CVE-2016-1675 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1688 CVE-2016-1689 CVE-2016-1691 CVE-2016-1692 CVE-2016-1695 CVE-2016-1697 CVE-2016-1699 CVE-2016-1702 CVE-2016-1703

USN-2991-1: nginx vulnerability - 2nd June 2016

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

CVE-2016-4450

USN-2990-1: ImageMagick vulnerabilities - 2nd June 2016

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after ...

CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118

USN-2989-1: Linux kernel vulnerabilities - 1st June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux ...

CVE-2015-4004 CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

< Previous   Showing page 2 of 70   Next >
Show: All