Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 3 of 75   Next >
Show: All  

USN-3194-1: OpenJDK 7 vulnerabilities - 8th February 2017

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be ...

CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289

USN-3180-1: Oxide vulnerabilities - 8th February 2017

Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL or other UI components, bypass same origin restrictions or other ...

CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5014 CVE-2017-5017 CVE-2017-5019 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026

USN-3175-2: Firefox regression - 6th February 2017

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If a user were tricked in ...

LP: 1659922

USN-3193-1: Nettle vulnerability - 6th February 2017

It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

CVE-2016-6489

USN-3192-1: Squid vulnerabilities - 6th February 2017

Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. (CVE-2016-10002) Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker ...

CVE-2016-10002 CVE-2016-10003

USN-3191-1: WebKitGTK+ vulnerabilities - 6th February 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656

USN-3190-1: Linux kernel vulnerabilities - 3rd February 2017

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) It was discovered that a use-after-free existed in the KVM susbsystem of ...

CVE-2016-10147 CVE-2016-10150 CVE-2016-8399 CVE-2016-8632 CVE-2016-9777

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities - 3rd February 2017

USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle ...

CVE-2016-10147 CVE-2016-8399

USN-3189-1: Linux kernel vulnerabilities - 3rd February 2017

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) Qidan He discovered that the ICMP implementation in the Linux kernel did ...

CVE-2016-10147 CVE-2016-8399

USN-3188-2: Linux kernel (Trusty HWE) vulnerability - 3rd February 2017

USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A ...

CVE-2016-9555

USN-3188-1: Linux kernel vulnerability - 3rd February 2017

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).

CVE-2016-9555

USN-3187-1: Linux kernel vulnerabilities - 3rd February 2017

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555) It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local ...

CVE-2016-9555 CVE-2016-9685

USN-3177-2: Tomcat regression - 2nd February 2017

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A ...

LP: 1659589

USN-3186-1: iucode-tool vulnerability - 1st February 2017

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-0357

USN-3185-1: libXpm vulnerability - 1st February 2017

It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-10164

USN-3184-1: Irssi vulnerabilities - 1st February 2017

It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial ...

CVE-2016-7553 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 CVE-2017-5356

USN-3183-1: GnuTLS vulnerabilities - 1st February 2017

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could ...

CVE-2016-7444 CVE-2016-8610 CVE-2017-5334 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337

USN-3182-1: NTFS-3G vulnerability - 1st February 2017

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.

CVE-2017-0358

USN-3181-1: OpenSSL vulnerabilities - 31st January 2017

Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a ...

CVE-2016-2177 CVE-2016-7055 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 CVE-2017-3732

USN-3165-1: Thunderbird vulnerabilities - 27th January 2017

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on <marquee> elements ...

CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396

USN-3175-1: Firefox vulnerabilities - 27th January 2017

Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR ...

CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5393 CVE-2017-5396

USN-3179-1: OpenJDK 8 vulnerabilities - 25th January 2017

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be ...

CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289

USN-3178-1: icoutils vulnerabilities - 24th January 2017

It was discovered that icoutils incorrectly handled memory when processing certain files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause icoutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333

USN-3177-1: Tomcat vulnerabilities - 23rd January 2017

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that ...

CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2016-9774 CVE-2016-9775

USN-3176-1: PCSC-Lite vulnerability - 23rd January 2017

Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges.

CVE-2016-10109

USN-3174-1: MySQL vulnerabilities - 19th January 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes, ...

CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3251 CVE-2017-3256 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319 CVE-2017-3320

USN-3173-1: NVIDIA graphics drivers vulnerability - 17th January 2017

It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

CVE-2016-8826

USN-3172-1: Bind vulnerabilities - 12th January 2017

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote ...

CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

USN-3171-1: LibVNCServer vulnerabilities - 11th January 2017

Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

CVE-2016-9941 CVE-2016-9942

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 11th January 2017

Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9919) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling ...

CVE-2016-9793 CVE-2016-9919

USN-3170-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities - 11th January 2017

USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

USN-3169-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

USN-3168-2: Linux kernel (Trusty HWE) vulnerabilities - 11th January 2017

USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806

USN-3168-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806

USN-3167-2: Linux kernel (OMAP4) vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Baozeng Ding discovered a race condition that could lead to a use-after- free in ...

CVE-2016-9756 CVE-2016-9794

USN-3167-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). Baozeng Ding discovered a race condition that could lead to a use-after- free in the ...

CVE-2016-9756 CVE-2016-9794

USN-3166-1: WebKitGTK+ vulnerabilities - 10th January 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2016-4613 CVE-2016-4657 CVE-2016-4666 CVE-2016-4707 CVE-2016-4728 CVE-2016-4733 CVE-2016-4734 CVE-2016-4735 CVE-2016-4759 CVE-2016-4760 CVE-2016-4761 CVE-2016-4762 CVE-2016-4764 CVE-2016-4765 CVE-2016-4767 CVE-2016-4768 CVE-2016-4769 CVE-2016-7578

USN-3164-1: Exim vulnerability - 5th January 2017

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files.

CVE-2016-9963

USN-3163-1: NSS vulnerabilities - 4th January 2017

It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that ...

CVE-2016-5285 CVE-2016-8635 CVE-2016-9074

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux ...

CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9313 CVE-2016-9555

USN-3162-1: Linux kernel vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel ...

CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9313 CVE-2016-9555

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9555 CVE-2016-9644

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9178 CVE-2016-9555

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities - 20th December 2016

USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555

USN-3161-1: Linux kernel vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555

USN-3160-2: Linux kernel (Trusty HWE) vulnerabilities - 20th December 2016

USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the ...

CVE-2016-6213 CVE-2016-7916

USN-3160-1: Linux kernel vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that a race condition existed in the procfs environ_read function ...

CVE-2016-6213 CVE-2016-7916

< Previous   Showing page 3 of 75   Next >
Show: All