Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 4 of 70

USN-2953-1: MySQL vulnerabilities - 21st April 2016

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain ...

CVE-2016-0639 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0655 CVE-2016-0661 CVE-2016-0665 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047

USN-2952-1: PHP vulnerabilities - 21st April 2016

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause ...

CVE-2014-9767 CVE-2015-8835 CVE-2015-8838 CVE-2016-1903 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185

USN-2917-3: Firefox regressions - 19th April 2016

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker ...

LP: 1572169

USN-2951-1: OptiPNG vulnerabilities - 18th April 2016

Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801) Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a ...

CVE-2015-7801 CVE-2015-7802 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982

USN-2950-1: Samba vulnerabilities - 18th April 2016

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws ...

CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118

USN-2948-2: Linux kernel (Utopic HWE) regression - 11th April 2016

USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ralf Spenneberg discovered that the ...

https://bugs.launchpad.net/bugs/1566726

USN-2917-2: Firefox regressions - 7th April 2016

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis ...

LP: 1567671

USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities - 6th April 2016

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker ...

CVE-2015-8812 CVE-2016-2085 CVE-2016-2550 CVE-2016-2847

USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities - 6th April 2016

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel ...

CVE-2015-7566 CVE-2015-7833 CVE-2015-8812 CVE-2016-0723 CVE-2016-2085 CVE-2016-2550 CVE-2016-2782 CVE-2016-2847

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 6th April 2016

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. ...

CVE-2015-7833 CVE-2015-8812 CVE-2016-2085 CVE-2016-2383 CVE-2016-2550 CVE-2016-2847

USN-2947-2: Linux kernel (Wily HWE) vulnerabilities - 6th April 2016

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. ...

CVE-2015-7833 CVE-2015-8812 CVE-2016-2085 CVE-2016-2383 CVE-2016-2550 CVE-2016-2847

USN-2947-1: Linux kernel vulnerabilities - 6th April 2016

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. ...

CVE-2015-7833 CVE-2015-8812 CVE-2016-2085 CVE-2016-2383 CVE-2016-2550 CVE-2016-2847

USN-2946-2: Linux kernel (Trusty HWE) vulnerabilities - 6th April 2016

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker ...

CVE-2015-8812 CVE-2016-2085 CVE-2016-2550 CVE-2016-2847

USN-2946-1: Linux kernel vulnerabilities - 6th April 2016

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker ...

CVE-2015-8812 CVE-2016-2085 CVE-2016-2550 CVE-2016-2847

USN-2945-1: XChat-GNOME vulnerability - 4th April 2016

It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

LP: 1565000

USN-2944-1: Libav vulnerabilities - 4th April 2016

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

CVE-2014-8541 CVE-2015-1872 CVE-2015-3395 CVE-2015-5479 CVE-2015-6818 CVE-2015-6820 CVE-2015-6824 CVE-2015-6826 CVE-2015-8364 CVE-2015-8365 CVE-2016-1897 CVE-2016-1898 CVE-2016-2326 CVE-2016-2330

USN-2943-1: PCRE vulnerabilities - 29th March 2016

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-9769 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191

USN-2942-1: OpenJDK 7 vulnerability - 24th March 2016

A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.

CVE-2016-0636

USN-2941-1: Quagga vulnerabilities - 24th March 2016

Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered that Quagga incorrectly handled messages ...

CVE-2013-2236 CVE-2016-2342

USN-2939-1: LibTIFF vulnerabilities - 23rd March 2016

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784

USN-2938-1: Git vulnerabilities - 21st March 2016

Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. (CVE-2016-2315, CVE-2016-2324)

CVE-2016-2315 CVE-2016-2324

USN-2937-1: WebKitGTK+ vulnerabilities - 21st March 2016

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928

USN-2935-3: PAM regression - 17th March 2016

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the inconvenience. Original advisory details: It was ...

LP: 1558597 http://www.ubuntu.com/usn/usn-2935-2

USN-2935-2: PAM regression - 16th March 2016

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local ...

LP: 1558114

USN-2935-1: PAM vulnerabilities - 16th March 2016

It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp ...

CVE-2013-7041 CVE-2014-2583 CVE-2015-3238

USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 16th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Ben Hawkes discovered an integer overflow in the Linux ...

CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134 CVE-2016-3135

USN-2933-1: Exim vulnerabilities - 15th March 2016

It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment ...

CVE-2014-2972 CVE-2016-1531

USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not ...

CVE-2013-4312 CVE-2015-7566 CVE-2015-7833 CVE-2015-8767 CVE-2016-0723 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134

USN-2929-1: Linux kernel vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not ...

CVE-2013-4312 CVE-2015-7566 CVE-2015-7833 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134

USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not ...

CVE-2013-4312 CVE-2015-7566 CVE-2015-7833 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134

USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) It was discovered that the Linux kernel did not ...

CVE-2013-4312 CVE-2015-8767 CVE-2016-2069 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-3134

USN-2930-2: Linux kernel (Wily HWE) vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Ben Hawkes discovered an integer overflow in the Linux ...

CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134 CVE-2016-3135

USN-2930-1: Linux kernel vulnerabilities - 14th March 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Ben Hawkes discovered an integer overflow in the Linux ...

CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-3134 CVE-2016-3135

USN-2928-2: Linux kernel (OMAP4) vulnerability - 14th March 2016

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-2384

USN-2928-1: Linux kernel vulnerability - 14th March 2016

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

CVE-2016-2384

USN-2927-1: graphite2 vulnerabilities - 14th March 2016

It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

USN-2920-1: Oxide vulnerabilities - 10th March 2016

It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1630) It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message ...

CVE-2016-1630 CVE-2016-1631 CVE-2016-1633 CVE-2016-1634 CVE-2016-1636 CVE-2016-1637 CVE-2016-1641 CVE-2016-1642 CVE-2016-1643 CVE-2016-1644 CVE-2016-2843 CVE-2016-2844 CVE-2016-2845

USN-2926-1: OTR vulnerability - 10th March 2016

Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-2851

USN-2925-1: Bind vulnerabilities - 9th March 2016

It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-1285) It was discovered that Bind incorrectly parsed resource record signatures for DNAME resource records. A remote ...

CVE-2016-1285 CVE-2016-1286

USN-2924-1: NSS vulnerability - 9th March 2016

Francis Gabriel discovered that NSS incorrectly handled decoding certain ASN.1 data. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-1950

USN-2917-1: Firefox vulnerabilities - 9th March 2016

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. ...

CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1973 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

USN-2923-1: BeanShell vulnerability - 8th March 2016

Alvaro Muñoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.

CVE-2016-2510

USN-2922-1: Samba vulnerabilities - 8th March 2016

Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560) Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use ...

CVE-2013-0213 CVE-2013-0214 CVE-2015-7560 CVE-2016-0771

USN-2904-1: Thunderbird vulnerabilities - 8th March 2016

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2015-7575) Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. If ...

CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935

USN-2915-3: Django regression - 7th March 2016

USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly ...

LP: 1553251

USN-2921-1: Squid vulnerabilities - 7th March 2016

Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6270) Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote ...

CVE-2014-6270 CVE-2016-2571

USN-2915-2: Django regression - 7th March 2016

USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Original advisory details: Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site ...

LP: 1553251

USN-2919-1: JasPer vulnerabilities - 3rd March 2016

Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577) Tyler Hicks discovered that JasPer incorrectly ...

CVE-2016-1577 CVE-2016-2116

USN-2918-1: pixman vulnerability - 3rd March 2016

Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-9766

USN-2916-1: Perl vulnerabilities - 2nd March 2016

It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422) Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An ...

CVE-2013-7422 CVE-2014-4330 CVE-2016-2381
