Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 5 of 52   Next >
Show: All  

USN-2138-1: Linux kernel vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities - 7th March 2014

An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC connection(/dcc) via a NAT-ed network. (CVE-2014-1690) Matthew Thode ...

CVE-2014-1690 CVE-2014-1874 CVE-2014-2038

USN-2136-1: Linux kernel (Raring HWE) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6380 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2135-1: Linux kernel (Quantal HWE) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual ...

CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2134-1: Linux kernel (OMAP4) vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization ...

CVE-2013-4579 CVE-2013-6368 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2133-1: Linux kernel vulnerabilities - 7th March 2014

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization ...

CVE-2013-4579 CVE-2013-6368 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446 CVE-2014-1874

USN-2132-1: ImageMagick vulnerabilities - 6th March 2014

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain restart markers in JPEG images. If a user or automated system using ImageMagick were tricked into opening a specially crafted JPEG image, an attacker could exploit this to cause memory consumption, resulting in a denial of service. ...

CVE-2012-0260 CVE-2014-1958 CVE-2014-2030

USN-2131-1: IcedTea Web vulnerability - 6th March 2014

Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion. A local attacker could possibly use this issue to obtain or modify sensitive information from other local user sessions.

CVE-2013-6493

USN-2130-1: Tomcat vulnerabilities - 6th March 2014

It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. (CVE-2013-4286) It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat ...

CVE-2013-4286 CVE-2013-4322 CVE-2014-0033 CVE-2014-0050

USN-2129-1: Linux kernel (EC2) vulnerabilities - 5th March 2014

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. ...

CVE-2013-0160 CVE-2013-2929 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7027 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874

USN-2128-1: Linux kernel vulnerabilities - 5th March 2014

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. ...

CVE-2013-0160 CVE-2013-2929 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7027 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874

USN-2127-1: GnuTLS vulnerability - 4th March 2014

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.

CVE-2014-0092

USN-2126-1: PHP vulnerabilities - 3rd March 2014

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker ...

CVE-2013-7226 CVE-2013-7327 CVE-2013-7328 CVE-2014-1943 CVE-2014-2020

USN-2125-1: Python vulnerability - 3rd March 2014

Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.

CVE-2014-1912

USN-2124-1: OpenJDK 6 vulnerabilities - 27th February 2014

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to ...

CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 LP: 1283828

USN-2123-1: file vulnerabilities - 26th February 2014

It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-1571) Bernd Melchers discovered that file incorrectly handled indirect offset values. An ...

CVE-2012-1571 CVE-2014-1943

USN-2122-1: FreeRADIUS vulnerabilities - 26th February 2014

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. (CVE-2011-4966) Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of service, or possibly ...

CVE-2011-4966 CVE-2014-2015

USN-2121-1: GnuTLS vulnerability - 25th February 2014

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.

CVE-2014-1959

USN-2120-1: PostgreSQL vulnerabilities - 24th February 2014

Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. (CVE-2014-0060) Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue ...

CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066

USN-2102-2: Firefox regression - 19th February 2014

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew ...

LP: 1274468

USN-2119-1: Thunderbird vulnerabilities - 19th February 2014

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a ...

CVE-2013-6674 CVE-2014-1477 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 LP: 1274894

USN-2117-1: Linux kernel vulnerabilities - 18th February 2014

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote ...

CVE-2013-4563 CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6382 CVE-2013-6432 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446

USN-2116-1: Linux kernel (OMAP4) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2115-1: Linux kernel (OMAP4) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2114-1: Linux kernel vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities - 18th February 2014

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote ...

CVE-2013-4563 CVE-2013-4579 CVE-2013-4587 CVE-2013-6367 CVE-2013-6368 CVE-2013-6376 CVE-2013-6382 CVE-2013-6432 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281 CVE-2013-7339 CVE-2014-1438 CVE-2014-1446

USN-2112-1: Linux kernel (Raring HWE) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function ...

CVE-2013-2929 CVE-2013-2930 CVE-2013-4348 CVE-2013-4592 CVE-2013-6378

USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ...

CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

USN-2110-1: Linux kernel (OMAP4) vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local ...

CVE-2013-2929 CVE-2013-4345 CVE-2013-4348 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281

USN-2109-1: Linux kernel vulnerabilities - 18th February 2014

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local ...

CVE-2013-2929 CVE-2013-4345 CVE-2013-4348 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2013-7281

USN-2108-1: Linux kernel (EC2) vulnerabilities - 18th February 2014

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in ...

CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281

USN-2107-1: Linux kernel vulnerabilities - 18th February 2014

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in ...

CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7281

USN-2105-1: MAAS vulnerabilities - 13th February 2014

James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. (CVE-2013-1069) Chris Glass discovered that the MAAS API was vulnerable to ...

CVE-2013-1069 CVE-2013-1070

USN-2098-2: LibYAML regression - 13th February 2014

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use ...

LP: 1279805

USN-2104-1: LXC vulnerability - 12th February 2014

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host.

CVE-2013-6441

USN-2103-1: Libav vulnerabilities - 11th February 2014

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

LP: 1277173

USN-2102-1: Firefox vulnerabilities - 10th February 2014

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially ...

CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 LP: 1274468

USN-2101-1: libgadu vulnerability - 10th February 2014

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2013-6487

USN-2100-1: Pidgin vulnerabilities - 6th February 2014

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152) Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue ...

CVE-2012-6152 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020

USN-2099-1: Perl vulnerability - 5th February 2014

It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.

CVE-2012-6329

USN-2098-1: LibYAML vulnerability - 4th February 2014

Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2013-6393

USN-2097-1: curl vulnerability - 3rd February 2014

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.

CVE-2014-0015

USN-2096-1: Linux kernel vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2095-1: Linux kernel (Saucy HWE) vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2094-1: Linux kernel (Raring HWE) vulnerability - 30th January 2014

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

CVE-2014-0038

USN-2093-1: libvirt vulnerabilities - 30th January 2014

Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-6436) Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A ...

CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-1447

USN-2092-1: QEMU vulnerabilities - 30th January 2014

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a ...

CVE-2013-4344 CVE-2013-4375 CVE-2013-4377

USN-2091-1: OTR vulnerabilities - 29th January 2014

This update disables the OTR v1 protocol to prevent protocol downgrade attacks.

LP: 1266016

USN-2090-1: Munin vulnerabilities - 27th January 2014

Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. (CVE-2013-6048) Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause ...

CVE-2013-6048 CVE-2013-6359

USN-2089-1: OpenJDK 7 vulnerabilities - 23rd January 2014

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a ...

CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428

< Previous   Showing page 5 of 52   Next >
Show: All