Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 5 of 54   Next >
Show: All  

USN-2203-1: Linux kernel vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2202-1: Linux kernel vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2201-1: Linux kernel (Saucy HWE) vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2200-1: Linux kernel (Raring HWE) vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2199-1: Linux kernel (Quantal HWE) vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2198-1: Linux kernel vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2197-1: Linux kernel (EC2) vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2196-1: Linux kernel vulnerability - 5th May 2014

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

CVE-2014-0196

USN-2194-1: OpenStack Neutron vulnerability - 5th May 2014

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants.

CVE-2014-0056

USN-2193-1: OpenStack Glance vulnerability - 5th May 2014

Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker exploit this to execute arbitrary commands as the glance user.

CVE-2014-0162

USN-2192-1: OpenSSL vulnerabilities - 5th May 2014

It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. (CVE-2010-5298) It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this ...

CVE-2010-5298 CVE-2014-0198

USN-2191-1: OpenJDK 6 vulnerabilities - 1st May 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462, CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) ...

CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427

USN-2190-1: JBIG-KIT vulnerability - 1st May 2014

Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code.

CVE-2013-6369

USN-2183-2: dpkg vulnerability - 1st May 2014

USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory details: Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a ...

CVE-2014-0471

USN-2189-1: Thunderbird vulnerabilities - 30th April 2014

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial ...

CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 LP: 1313886

USN-2184-2: Unity vulnerabilities - 30th April 2014

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inconvenience. Original advisory details: Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen ...

LP: 1314247

USN-2188-1: elfutils vulnerability - 30th April 2014

Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute arbitrary code.

CVE-2014-0172

USN-2187-1: OpenJDK 7 vulnerabilities - 30th April 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, ...

CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 LP: 1283828

USN-2186-1: Date and Time Indicator vulnerability - 30th April 2014

It was discovered that the Date and Time Indicator incorrectly allowed Evolution to be opened at the greeter screen. An attacker could use this issue to possibly gain unexpected access to applications such as a web browser with privileges of the greeter user.

CVE-2013-7374

USN-2185-1: Firefox vulnerabilities - 29th April 2014

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to ...

CVE-2014-1492 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 LP: 1313464

USN-2184-1: Unity vulnerabilities - 29th April 2014

Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker ...

LP: 1308850 LP: 1313885

USN-2183-1: dpkg vulnerability - 28th April 2014

Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining ...

CVE-2014-0471

USN-2182-1: QEMU vulnerabilities - 28th April 2014

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU ...

CVE-2013-4544 CVE-2014-0150 CVE-2014-2894

USN-2181-1: Linux kernel (OMAP4) vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2180-1: Linux kernel (OMAP4) vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2179-1: Linux kernel vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2178-1: Linux kernel vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2177-1: Linux kernel (Saucy HWE) vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2176-1: Linux kernel (Raring HWE) vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2175-1: Linux kernel (Quantal HWE) vulnerabilities - 26th April 2014

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. (CVE-2014-0049) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged ...

CVE-2014-0049 CVE-2014-0069

USN-2174-1: Linux kernel (EC2) vulnerabilities - 26th April 2014

A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a ...

CVE-2014-0101 CVE-2014-2523

USN-2173-1: Linux kernel vulnerabilities - 26th April 2014

A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a ...

CVE-2014-0101 CVE-2014-2523

USN-2172-1: CUPS vulnerability - 24th April 2014

Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.

CVE-2014-2856

USN-2171-1: rsync vulnerability - 23rd April 2014

Ryan Finnie discovered that the rsync daemon incorrectly handled invalid usernames. A remote attacker could use this issue to cause rsync to consume resources, resulting in a denial of service.

CVE-2014-2855

USN-2170-1: MySQL vulnerabilities - 23rd April 2014

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: ...

CVE-2014-0001 CVE-2014-0384 CVE-2014-2419 CVE-2014-2430 CVE-2014-2431 CVE-2014-2432 CVE-2014-2436 CVE-2014-2438 CVE-2014-2440

USN-2169-2: Django regression - 22nd April 2014

USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory details: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to ...

LP: 1311433

USN-2169-1: Django vulnerabilities - 22nd April 2014

Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF ...

CVE-2014-0472 CVE-2014-0473 CVE-2014-0474

USN-2168-1: Python Imaging Library vulnerabilities - 15th April 2014

Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents. (CVE-2014-1932, CVE-2014-1933)

CVE-2014-1932 CVE-2014-1933

USN-2167-1: curl vulnerabilities - 14th April 2014

Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. (CVE-2014-0138) Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP addresses. An attacker could possibly ...

CVE-2014-0138 CVE-2014-0139

USN-2166-1: Net-SNMP vulnerabilities - 14th April 2014

Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. (CVE-2012-6151) It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to ...

CVE-2012-6151 CVE-2014-2284 CVE-2014-2285 CVE-2014-2310

USN-2124-2: OpenJDK 6 regression - 7th April 2014

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and ...

LP: 1295987

USN-2165-1: OpenSSL vulnerabilities - 7th April 2014

Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160) Yuval Yarom and Naomi Benger ...

CVE-2014-0076 CVE-2014-0160

USN-2164-1: OpenSSH vulnerability - 7th April 2014

Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.

CVE-2014-2653

USN-2163-1: PHP vulnerability - 7th April 2014

It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

CVE-2014-2270

USN-2162-1: file vulnerability - 7th April 2014

It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.

CVE-2014-2270

USN-2161-1: libyaml-libyaml-perl vulnerabilities - 3rd April 2014

Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6393) Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this ...

CVE-2013-6393 CVE-2014-2525

USN-2160-1: LibYAML vulnerability - 3rd April 2014

Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2014-2525

USN-2159-1: NSS vulnerability - 2nd April 2014

It was discovered that NSS incorrectly handled wildcard certificates when used with internationalized domain names. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

CVE-2014-1492

USN-2158-1: Linux kernel (Raring HWE) vulnerabilities - 1st April 2014

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local ...

CVE-2013-4345 CVE-2013-6382 CVE-2014-1690

USN-2157-1: ClamAV update - 27th March 2014

This updates ClamAV to a new major version in order to gain new detection technologies and maintain proper compatibility with the virus signature database.

LP: 1296856

< Previous   Showing page 5 of 54   Next >
Show: All