Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 3 of 60   Next >
Show: All  

USN-2604-1: Libtasn1 vulnerability - 11th May 2015

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-3622

USN-2600-2: Linux kernel regression - 8th May 2015

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2599-2: Linux kernel (Utopic HWE) vulnerability - 8th May 2015

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2598-2: Linux kernel regression - 8th May 2015

USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

LP: 1450442

USN-2597-2: Linux kernel (Trusty HWE) regression - 8th May 2015

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and ...

https://launchpad.net/bugs/XXXXXX

USN-2582-1: Oxide vulnerabilities - 6th May 2015

A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1243) ...

CVE-2015-1243 CVE-2015-1250

USN-2601-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2600-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2599-1: Linux kernel (Utopic HWE) vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2598-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2597-1: Linux kernel (Trusty HWE) vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2596-1: Linux kernel vulnerability - 5th May 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2595-1: ppp vulnerability - 5th May 2015

It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service.

CVE-2015-3310

USN-2594-1: ClamAV vulnerabilities - 5th May 2015

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668

USN-2593-1: Dnsmasq vulnerability - 4th May 2015

Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

CVE-2015-3294

USN-2592-1: XML::LibXML vulnerability - 4th May 2015

Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

CVE-2015-3451

USN-2591-1: curl vulnerabilities - 30th April 2015

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly ...

CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153

USN-2590-1: Linux kernel vulnerabilities - 30th April 2015

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the ...

CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 CVE-2015-2922

USN-2589-1: Linux kernel (Utopic HWE) vulnerabilities - 30th April 2015

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the ...

CVE-2015-2150 CVE-2015-2666 CVE-2015-2830 CVE-2015-2922

USN-2588-1: Linux kernel vulnerabilities - 30th April 2015

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel's IPv6 networking stack has ...

CVE-2015-2666 CVE-2015-2922

USN-2587-1: Linux kernel (Trusty HWE) vulnerabilities - 30th April 2015

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. (CVE-2015-2666) It was discovered that the Linux kernel's IPv6 networking stack has ...

CVE-2015-2666 CVE-2015-2922

USN-2586-1: Linux kernel (OMAP4) vulnerability - 30th April 2015

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

CVE-2015-2922

USN-2585-1: Linux kernel vulnerability - 30th April 2015

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

CVE-2015-2922

USN-2584-1: Linux kernel (EC2) vulnerability - 30th April 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2583-1: Linux kernel vulnerability - 30th April 2015

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

CVE-2015-3339

USN-2581-1: NetworkManager vulnerability - 28th April 2015

Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.

CVE-2015-1322

USN-2570-1: Oxide vulnerabilities - 27th April 2015

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked ...

CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1246 CVE-2015-1249 CVE-2015-1321 CVE-2015-3333

USN-2580-1: tcpdump vulnerabilities - 27th April 2015

It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155

USN-2579-1: autofs vulnerability - 27th April 2015

It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program maps will need to adapt to ...

CVE-2014-8169

USN-2578-1: LibreOffice vulnerabilities - 27th April 2015

Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2014-9093) It was discovered that LibreOffice incorrectly handled certain HWP files. If a user were ...

CVE-2014-9093 CVE-2015-1774

USN-2571-1: Firefox vulnerability - 24th April 2015

Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. ...

CVE-2015-2706

USN-2577-1: wpa_supplicant vulnerability - 23rd April 2015

It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.

CVE-2015-1863

USN-2576-2: usb-creator vulnerability - 23rd April 2015

USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Original advisory details: Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

LP: 1447396

USN-2576-1: usb-creator vulnerability - 23rd April 2015

Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

LP: 1447396

USN-2575-1: MySQL vulnerabilities - 21st April 2015

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: ...

CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573

USN-2574-1: OpenJDK 7 vulnerabilities - 21st April 2015

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect ...

CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

USN-2573-1: OpenJDK 6 vulnerabilities - 21st April 2015

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect ...

CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488

USN-2572-1: PHP vulnerabilities - 20th April 2015

It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330) It was discovered that PHP incorrectly handled opening tar, zip or phar archives ...

CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

USN-2569-2: Apport vulnerability - 16th April 2015

USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Original advisory details: Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly ...

LP: 1444518

USN-2569-1: Apport vulnerability - 14th April 2015

Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges.

CVE-2015-1318

USN-2568-1: libx11, libxrender vulnerability - 13th April 2015

Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also ...

CVE-2013-7439

USN-2567-1: NTP vulnerabilities - 13th April 2015

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798) Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-1799) Juergen ...

CVE-2015-1798 CVE-2015-1799

USN-2566-1: dpkg vulnerability - 9th April 2015

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

CVE-2015-0840

USN-2565-1: Linux kernel vulnerabilities - 9th April 2015

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of ...

CVE-2015-1593 CVE-2015-2041 CVE-2015-2042 CVE-2015-4036

USN-2564-1: Linux kernel (Utopic HWE) vulnerabilities - 9th April 2015

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of ...

CVE-2015-1593 CVE-2015-2041 CVE-2015-2042 CVE-2015-4036

USN-2563-1: Linux kernel vulnerabilities - 8th April 2015

Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw ...

CVE-2015-1421 CVE-2015-1465 CVE-2015-1593 CVE-2015-2041 CVE-2015-2042

USN-2562-1: Linux kernel (Trusty HWE) vulnerabilities - 8th April 2015

Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw ...

CVE-2015-1421 CVE-2015-1465 CVE-2015-1593 CVE-2015-2041 CVE-2015-2042

USN-2561-1: Linux kernel (OMAP4) vulnerabilities - 8th April 2015

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. (CVE-2014-8159) An integer overflow was discovered in ...

CVE-2014-8159 CVE-2015-1593 CVE-2015-2041 CVE-2015-2042

USN-2560-1: Linux kernel vulnerabilities - 8th April 2015

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of ...

CVE-2015-1593 CVE-2015-2041 CVE-2015-2042

USN-2559-1: Libtasn1 vulnerability - 8th April 2015

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-2806

< Previous   Showing page 3 of 60   Next >
Show: All