Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 3 of 70   Next >
Show: All  

USN-3011-1: HAProxy vulnerability - 20th June 2016

Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service.

CVE-2016-5360

USN-3009-1: Dnsmasq vulnerability - 20th June 2016

Edwin Török discovered that Dnsmasq incorrectly handled certain CNAME responses. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service.

CVE-2015-8899

USN-3008-1: Linux kernel (Qualcomm Snapdragon) vulnerability - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-1583

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3006-1: Linux kernel vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-8839 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4558 CVE-2016-4565 CVE-2016-4581

USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3003-1: Linux kernel vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-3961 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4581

USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2117 CVE-2016-2187 CVE-2016-3136 CVE-2016-3137 CVE-2016-3140 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

USN-2999-1: Linux kernel vulnerability - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-1583

USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities - 10th June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did ...

CVE-2015-4004 CVE-2016-1583 CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

USN-2997-1: Linux kernel (OMAP4) vulnerabilities - 10th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ...

CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486

USN-2996-1: Linux kernel vulnerabilities - 9th June 2016

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ...

CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486

USN-2995-1: Squid vulnerabilities - 9th June 2016

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. (CVE-2016-3947) Yuriy M. Kaminskiy discovered that the Squid ...

CVE-2016-3947 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556

USN-2993-1: Firefox vulnerabilities - 9th June 2016

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an ...

CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834

USN-2994-1: libxml2 vulnerabilities - 6th June 2016

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled ...

CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483

USN-2992-1: Oxide vulnerabilities - 6th June 2016

An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. If a user were tricked in to ...

CVE-2016-1673 CVE-2016-1675 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1688 CVE-2016-1689 CVE-2016-1691 CVE-2016-1692 CVE-2016-1695 CVE-2016-1697 CVE-2016-1699 CVE-2016-1702 CVE-2016-1703

USN-2991-1: nginx vulnerability - 2nd June 2016

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

CVE-2016-4450

USN-2990-1: ImageMagick vulnerabilities - 2nd June 2016

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after ...

CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118

USN-2989-1: Linux kernel vulnerabilities - 1st June 2016

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux ...

CVE-2015-4004 CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

USN-2988-1: LXD vulnerabilities - 31st May 2016

Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581) Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. ...

CVE-2016-1581 CVE-2016-1582

USN-2987-1: GD library vulnerabilities - 31st May 2016

It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497) ...

CVE-2014-2497 CVE-2014-9709 CVE-2015-8874 CVE-2015-8877 CVE-2016-3074

USN-2986-1: dosfstools vulnerabilities - 31st May 2016

Hanno Böck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-8872 CVE-2016-4804

USN-2985-2: GNU C Library regression - 26th May 2016

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. We ...

LP: 1585614

USN-2985-1: GNU C Library vulnerabilities - 25th May 2016

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856) Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did ...

CVE-2013-2207 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-5277 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-2856 CVE-2016-3075

USN-2950-5: Samba regression - 25th May 2016

USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a ...

LP: 1578576

USN-2984-1: PHP vulnerabilities - 24th May 2016

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP ...

CVE-2015-8865 CVE-2016-3078 CVE-2016-3132 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544

USN-2936-3: Firefox regression - 18th May 2016

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, ...

LP: 1583389

USN-2973-1: Thunderbird vulnerabilities - 18th May 2016

Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Böck discovered ...

CVE-2016-1938 CVE-2016-1978 CVE-2016-1979 CVE-2016-2805 CVE-2016-2807

USN-2960-1: Oxide vulnerabilities - 18th May 2016

An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. (CVE-2016-1660) It was discovered that Blink assumes that a frame ...

CVE-2016-1660 CVE-2016-1661 CVE-2016-1663 CVE-2016-1665 CVE-2016-1666 CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670

USN-2950-4: Samba regressions - 18th May 2016

USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the "client ipc signing" parameter to "auto". We apologize for the inconvenience. Original advisory details: Jouni Knuutinen ...

LP: 1574403 LP: 1576109

USN-2983-1: Expat vulnerability - 18th May 2016

Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)

CVE-2016-0718

USN-2982-1: Libksba vulnerabilities - 17th May 2016

Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubunt 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain ...

CVE-2016-4353 CVE-2016-4354 CVE-2016-4355 CVE-2016-4356 CVE-2016-4574 CVE-2016-4579

USN-2981-1: libarchive vulnerabilities - 17th May 2016

It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. ...

CVE-2016-1541

USN-2980-1: libndp vulnerability - 17th May 2016

Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a man in the middle.

CVE-2016-3698

USN-2979-4: Linux kernel (Qualcomm Snapdragon) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2979-3: Linux kernel (Raspberry Pi 2) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2979-2: Linux kernel (Xenial HWE) vulnerabilities - 16th May 2016

USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict ...

CVE-2016-0758 CVE-2016-3713

USN-2979-1: Linux kernel vulnerabilities - 16th May 2016

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive ...

CVE-2016-0758 CVE-2016-3713

USN-2978-3: Linux kernel (Raspberry Pi 2) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2978-2: Linux kernel (Wily HWE) vulnerabilities - 16th May 2016

USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory ...

CVE-2016-0758 CVE-2016-3713

USN-2978-1: Linux kernel vulnerabilities - 16th May 2016

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive ...

CVE-2016-0758 CVE-2016-3713

USN-2977-1: Linux kernel (Vivid HWE) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2976-1: Linux kernel (Utopic HWE) vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-0758

USN-2975-2: Linux kernel (Trusty HWE) vulnerability - 16th May 2016

USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags ...

CVE-2016-0758

USN-2975-1: Linux kernel vulnerability - 16th May 2016

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)

CVE-2016-0758

USN-2974-1: QEMU vulnerabilities - 12th May 2016

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest ...

CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037

USN-2972-1: OpenJDK 6 vulnerabilities - 10th May 2016

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in the OpenJDK JRE related ...

CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427

< Previous   Showing page 3 of 70   Next >
Show: All