Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 4   Next >
Show: All  

USN-3174-1: MySQL vulnerabilities - 19th January 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes, ...

CVE-2016-8318 CVE-2016-8327 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3251 CVE-2017-3256 CVE-2017-3258 CVE-2017-3265 CVE-2017-3273 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3319 CVE-2017-3320

USN-3173-1: NVIDIA graphics drivers vulnerability - 17th January 2017

It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

CVE-2016-8826

USN-3172-1: Bind vulnerabilities - 12th January 2017

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote ...

CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

USN-3171-1: LibVNCServer vulnerabilities - 11th January 2017

Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

CVE-2016-9941 CVE-2016-9942

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

USN-3166-1: WebKitGTK+ vulnerabilities - 10th January 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2016-4613 CVE-2016-4657 CVE-2016-4666 CVE-2016-4707 CVE-2016-4728 CVE-2016-4733 CVE-2016-4734 CVE-2016-4735 CVE-2016-4759 CVE-2016-4760 CVE-2016-4761 CVE-2016-4762 CVE-2016-4764 CVE-2016-4765 CVE-2016-4767 CVE-2016-4768 CVE-2016-4769 CVE-2016-7578

USN-3164-1: Exim vulnerability - 5th January 2017

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files.

CVE-2016-9963

USN-3163-1: NSS vulnerabilities - 4th January 2017

It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that ...

CVE-2016-5285 CVE-2016-8635 CVE-2016-9074

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9555 CVE-2016-9644

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9178 CVE-2016-9555

USN-3161-1: Linux kernel vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555

USN-3158-1: Samba vulnerabilities - 19th December 2016

Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123) Simo Sorce discovered that that Samba clients always requested a forwardable ...

CVE-2016-2123 CVE-2016-2125 CVE-2016-2126

USN-3157-1: Apport vulnerabilities - 14th December 2016

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu ...

CVE-2016-9949 CVE-2016-9950 CVE-2016-9951

USN-3155-1: Firefox vulnerabilities - 13th December 2016

Multiple security vulnerabilities were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, ...

CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904

USN-3156-1: APT vulnerability - 13th December 2016

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

CVE-2016-1252

USN-3153-1: Oxide vulnerabilities - 9th December 2016

Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via ...

CVE-2016-5204 CVE-2016-5205 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5212 CVE-2016-5213 CVE-2016-5215 CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652

USN-3151-4: Linux kernel (Raspberry Pi 2) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3151-3: Linux kernel (Qualcomm Snapdragon) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3151-1: Linux kernel vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3148-1: Ghostscript vulnerabilities - 1st December 2016

Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in ...

CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602

USN-3133-1: Oxide vulnerabilities - 1st December 2016

Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in ...

CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5202

USN-3141-1: Thunderbird vulnerabilities - 30th November 2016

Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or ...

CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9079

USN-3140-1: Firefox vulnerabilities - 30th November 2016

It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker ...

CVE-2016-9078 CVE-2016-9079

USN-3146-1: Linux kernel vulnerabilities - 30th November 2016

It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did ...

CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-9644

USN-3143-1: c-ares vulnerability - 30th November 2016

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-5180

USN-3142-1: ImageMagick vulnerabilities - 30th November 2016

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the ...

CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8862 CVE-2016-9556

USN-3139-1: Vim vulnerability - 28th November 2016

Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

CVE-2016-1248

USN-3138-1: python-cryptography vulnerability - 28th November 2016

Markus Döring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

CVE-2016-9243

USN-3135-2: GStreamer Good Plugins vulnerability - 28th November 2016

USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with ...

LP: 1643901

USN-3137-1: MoinMoin vulnerabilities - 23rd November 2016

It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within ...

CVE-2016-7146 CVE-2016-7148 CVE-2016-9119

USN-3136-1: LXC vulnerability - 23rd November 2016

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.

CVE-2016-8649

USN-3135-1: GStreamer Good Plugins vulnerability - 22nd November 2016

Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of ...

LP: 1643901

USN-3134-1: Python vulnerabilities - 22nd November 2016

It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the ...

CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699

USN-3132-1: tar vulnerability - 21st November 2016

Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

CVE-2016-6321

USN-3131-1: ImageMagick vulnerabilities - 21st November 2016

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the ...

CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540

USN-3124-1: Firefox vulnerabilities - 18th November 2016

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially ...

CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077

USN-3128-3: Linux kernel (Qualcomm Snapdragon) vulnerability - 11th November 2016

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-7042

USN-3128-1: Linux kernel vulnerability - 11th November 2016

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-7042

USN-3125-1: QEMU vulnerabilities - 9th November 2016

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2016-5403) Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside ...

CVE-2016-5403 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8668 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106

USN-3123-1: curl vulnerabilities - 3rd November 2016

It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to ...

CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624

USN-3122-1: NVIDIA graphics drivers vulnerabilities - 3rd November 2016

It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

CVE-2016-7382 CVE-2016-7389

USN-3121-1: OpenJDK 8 vulnerabilities - 3rd November 2016

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An ...

CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597

USN-3113-1: Oxide vulnerabilities - 2nd November 2016

It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-1586) Multiple security vulnerabilities were discovered in Chromium. ...

CVE-2016-1586 CVE-2016-5181 CVE-2016-5182 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5192 CVE-2016-5194

USN-3120-1: Memcached vulnerabilities - 2nd November 2016

Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-8704 CVE-2016-8705 CVE-2016-8706

USN-3119-1: Bind vulnerability - 1st November 2016

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

CVE-2016-8864

USN-3118-1: Mailman vulnerabilities - 1st November 2016

It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123) Nishant Agarwala ...

CVE-2016-6893 CVE-2016-7123

USN-3117-1: GD library vulnerabilities - 1st November 2016

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. (CVE-2016-6911) Ke Liu discovered that the GD library incorrectly handled certain integers when processing ...

CVE-2016-6911 CVE-2016-7568 CVE-2016-8670

USN-3116-1: DBus vulnerabilities - 1st November 2016

It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0245) It was discovered that DBus incorrectly handled certain format strings. A local ...

CVE-2015-0245

Showing page 1 of 4   Next >
Show: All