Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Show: All  

USN-2114-1: Linux kernel vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities - 18th February 2014

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote ...

CVE-2013-4563 CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6382 CVE-2013-6432 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446

USN-2112-1: Linux kernel (Raring HWE) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function ...

CVE-2013-2929 CVE-2013-2930 CVE-2013-4592 CVE-2013-6378

USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2110-1: Linux kernel (OMAP4) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local ...

CVE-2013-2929 CVE-2013-4345 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281

USN-2109-1: Linux kernel vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local ...

CVE-2013-2929 CVE-2013-4345 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281

USN-2108-1: Linux kernel (EC2) vulnerabilities - 18th February 2014

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in ...

CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281

USN-2107-1: Linux kernel vulnerabilities - 18th February 2014

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in ...

CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281

USN-2105-1: MAAS vulnerabilities - 13th February 2014

James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. (CVE-2013-1069) Chris Glass discovered that the MAAS API was vulnerable to ...

CVE-2013-1069 CVE-2013-1070

USN-2098-2: LibYAML regression - 13th February 2014

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use ...

LP: 1279805

USN-2104-1: LXC vulnerability - 12th February 2014

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host.

CVE-2013-6441

USN-2103-1: Libav vulnerabilities - 11th February 2014

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

LP: 1277173

USN-2102-1: Firefox vulnerabilities - 10th February 2014

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially ...

CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 LP: 1274468

USN-2101-1: libgadu vulnerability - 10th February 2014

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2013-6487

USN-2100-1: Pidgin vulnerabilities - 6th February 2014

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152) Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue ...

CVE-2012-6152 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020

USN-2099-1: Perl vulnerability - 5th February 2014

It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.

CVE-2012-6329

USN-2098-1: LibYAML vulnerability - 4th February 2014

Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2013-6393

USN-2097-1: curl vulnerability - 3rd February 2014

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.

CVE-2014-0015

USN-2096-1: Linux kernel vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2095-1: Linux kernel (Saucy HWE) vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2094-1: Linux kernel (Raring HWE) vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2093-1: libvirt vulnerabilities - 30th January 2014

Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-6436) Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A ...

CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-1447

USN-2092-1: QEMU vulnerabilities - 30th January 2014

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a ...

CVE-2013-4344 CVE-2013-4375 CVE-2013-4377

USN-2091-1: OTR vulnerabilities - 29th January 2014

This update disables the OTR v1 protocol to prevent protocol downgrade attacks.

LP: 1266016

USN-2090-1: Munin vulnerabilities - 27th January 2014

Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. (CVE-2013-6048) Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause ...

CVE-2013-6048 CVE-2013-6359

USN-2089-1: OpenJDK 7 vulnerabilities - 23rd January 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a ...

CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428

USN-2088-1: NSS vulnerability - 23rd January 2014

Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

CVE-2013-1740

USN-2087-1: NSPR vulnerability - 23rd January 2014

It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.

CVE-2013-5607

USN-2086-1: MySQL vulnerabilities - 21st January 2014

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the updated ...

CVE-2013-5891 CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0420 CVE-2014-0437

USN-2085-1: HPLIP vulnerabilities - 21st January 2014

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. (CVE-2013-6402) It was discovered that HPLIP contained ...

CVE-2013-6402 CVE-2013-6427

USN-2084-1: devscripts vulnerability - 21st January 2014

It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.

CVE-2013-6888

USN-2083-1: Graphviz vulnerabilities - 16th January 2014

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. (CVE-2014-0978, CVE-2014-1235) It was discovered that Graphviz incorrectly handled memory in the chkNum function. ...

CVE-2014-0978 CVE-2014-1235 CVE-2014-1236

USN-2082-1: CUPS vulnerability - 15th January 2014

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

CVE-2013-6891

USN-2081-1: Bind vulnerability - 13th January 2014

Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

CVE-2014-0591

USN-2080-1: Memcached vulnerabilities - 13th January 2014

Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. (CVE-2011-4971) Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use ...

CVE-2011-4971 CVE-2013-0179 CVE-2013-7239

USN-2079-1: OpenSSL vulnerabilities - 9th January 2014

Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-4353) Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use ...

CVE-2013-4353 CVE-2013-6449 CVE-2013-6450

USN-2077-2: Puppet regression - 9th January 2014

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue ...

LP: 1267385

USN-2078-1: libXfont vulnerability - 7th January 2014

It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of ...

CVE-2013-6462

USN-2077-1: Puppet vulnerability - 6th January 2014

It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

CVE-2013-4969

USN-2076-1: Linux kernel (OMAP4) vulnerabilities - 3rd January 2014

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi ...

CVE-2013-2930 CVE-2013-4345 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2074-1: Linux kernel (OMAP4) vulnerabilities - 3rd January 2014

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi ...

CVE-2013-2930 CVE-2013-4345 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2075-1: Linux kernel vulnerabilities - 3rd January 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function ...

CVE-2013-2929 CVE-2013-2930 CVE-2013-4345 CVE-2013-4348 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-4516 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6763 CVE-2013-7026

USN-2073-1: Linux kernel vulnerabilities - 3rd January 2014

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in ...

CVE-2013-4470 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-4516 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2072-1: Linux kernel (OMAP4) vulnerabilities - 3rd January 2014

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi ...

CVE-2013-2930 CVE-2013-4345 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2071-1: Linux kernel vulnerabilities - 3rd January 2014

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi ...

CVE-2013-2930 CVE-2013-4345 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2070-1: Linux kernel (Saucy HWE) vulnerabilities - 3rd January 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function ...

CVE-2013-2929 CVE-2013-2930 CVE-2013-4345 CVE-2013-4348 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-4516 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6763 CVE-2013-7026

USN-2069-1: Linux kernel (Raring HWE) vulnerabilities - 3rd January 2014

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in ...

CVE-2013-4470 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-4516 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027 CVE-2014-1444 CVE-2014-1445

USN-2068-1: Linux kernel (Quantal HWE) vulnerabilities - 3rd January 2014

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi ...

CVE-2013-2930 CVE-2013-4345 CVE-2013-4511 CVE-2013-4513 CVE-2013-4514 CVE-2013-4515 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027

USN-2067-1: Linux kernel (OMAP4) vulnerabilities - 3rd January 2014

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to ...

CVE-2013-4299 CVE-2013-4470 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4592 CVE-2013-6282 CVE-2013-6378 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027 CVE-2014-1444 CVE-2014-1445

USN-2066-1: Linux kernel vulnerabilities - 3rd January 2014

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to ...

CVE-2013-4299 CVE-2013-4470 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4592 CVE-2013-6378 CVE-2013-6383 CVE-2013-6763 CVE-2013-7027 CVE-2014-1444 CVE-2014-1445

Show: All