KrISS feed 8.14
A simple and superb (or stupid) feed reader. By Tontof
Oct 27, 2020 - Ubuntu security notices
USN-4603-1: MariaDB vulnerabilities
mariadb-10.1, mariadb-10.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in MariaDB.
Software Description
mariadb-10.3 - MariaDB database
mariadb-10.1 - MariaDB database
Details
It was discovered that MariaDB didn’t properly validate the content of a packet
received from a server. A remote attacker could use this vulnerability to send
a specially crafted file t
Oct 27, 2020 - Ubuntu security notices
USN-4600-2: Netty vulnerabilities
netty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
netty could be made to crash or run programs if it received
specially crafted network traffic.
Software Description
netty - None
Details
USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides
the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.
It was also discovered that Netty allowed unbounded memory allocation. A
remote at
Oct 26, 2020 - Ubuntu security notices
USN-4599-2: Firefox vulnerabilities
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description
firefox - Mozilla Open Source web browser
Details
USN-4599-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a
Oct 23, 2020 - Ubuntu security notices
USN-4599-1: Firefox vulnerabilities
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description
firefox - Mozilla Open Source web browser
Details
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to caus
Oct 23, 2020 - Ubuntu security notices
USN-4601-1: pip vulnerability
python-pip vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
pip could be made to overwrite files as the administrator.
Software Description
python-pip - Python package installer
Details
It was discovered that pip did not properly sanitize the filename during
pip install. A remote attacker could possibly use this issue to read and
write arbitrary files on the host filesystem as root, resulting in a
directory traversal atta
Oct 22, 2020 - Ubuntu security notices
USN-4600-1: Netty vulnerabilities
netty-3.9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Netty could be made to expose sensitive information over the
network.
Software Description
netty-3.9 - Asynchronous event-driven network application framework
Details
It was discovered that Netty had HTTP request smuggling vulnerabilities. A
remote attacker could use them to extract sensitive information. (CVE-2019-16869,
CVE-2019-20444, CVE-2019-20445, CVE-2020-
Oct 22, 2020 - Ubuntu security notices
USN-4593-2: FreeType vulnerability
freetype vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
FreeType could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description
freetype - FreeType 2 is a font engine library
Details
USN-4593-1 fixed a vulnerability in FreeType. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Sergei Glazunov discovered that FreeType did no
Oct 22, 2020 - Ubuntu security notices
USN-4598-1: LibEtPan vulnerability
libetpan vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
LibEtPan could be made to expose sensitive information over the network.
Software Description
libetpan - Mail Framework for C Language
Details
It was discovered that LibEtPan incorrectly handled STARTTLS when using
IMAP, SMTP and POP3. A remote attacker could possibly use this issue
to perform a response injection attack. (CVE-2020-15953)
Update instructions
The
Oct 22, 2020 - Ubuntu security notices
USN-4597-1: mod_auth_mellon vulnerabilities
libapache2-mod-auth-mellon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in mod_auth_mellon.
Software Description
libapache2-mod-auth-mellon - SAML 2.0 authentication module for Apache
Details
François Kooman discovered that mod_auth_mellon incorrectly handled
cookies. An attacker could possibly use this issue to cause a Cross-Site
Session Transfer attack. (CVE-2017-6807)
It was di
Oct 21, 2020 - Ubuntu security notices
USN-4552-2: Pam-python vulnerability
pam-python vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Pam-python could be made to crash or run programs as an administrator
if certain environment variables are set.
Software Description
pam-python - Enables PAM modules to be written in Python
Details
Malte Kraus discovered that Pam-python mishandled certain environment
variables. A local attacker could potentially use this vulnerability to
execute programs as root.
Oct 21, 2020 - Ubuntu security notices
USN-4596-1: Tomcat vulnerabilities
tomcat9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
Several security issues were fixed in Tomcat.
Software Description
tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
Details
It was discovered that Tomcat did not properly manage HTTP/2 streams. An
attacker could possibly use this to cause Tomcat to consume resources,
resulting in a denial of service. (CVE-2020-11996)
It was discovered that Tomcat did not proper
Oct 20, 2020 - Ubuntu security notices
USN-4595-1: Grunt vulnerability
grunt vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Grunt could be made to run programs if it received specially crafted
input.
Software Description
grunt - JavaScript task runner/build system/maintainer tool
Details
It was discovered that Grunt did not properly load yaml files. An attacker
could possibly use this to execute arbitrary code. (CVE-2020-7729)
Update instructions
The problem can be corrected by updating
Oct 20, 2020 - Ubuntu security notices
USN-4594-1: Quassel vulnerabilities
quassel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Quassel could be made to crash or run programs if it received
specially crafted network traffic.
Software Description
quassel - distributed IRC client - monolithic core+client
Details
It was discovered that Quassel incorrectly handled the QDataStream protocol. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-1000178)
It was discove
Oct 20, 2020 - Ubuntu security notices
USN-4587-1: iTALC vulnerabilities
italc vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in iTALC.
Software Description
italc - didact tool which allows teachers to view and control computer labs
Details
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn’t check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbi
Oct 20, 2020 - Ubuntu security notices
USN-4586-1: PHP ImageMagick vulnerability
php-imagick vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
PHP ImageMagick could be made to crash if it received specially crafted
input.
Software Description
php-imagick - PHP extension to create and modify images using the ImageMagick API
Details
It was discovered that the PHP ImageMagick extension didn’t check the address used
by an array. An attacker could use this issue to cause PHP ImageMagick to
crash, resultin
Oct 20, 2020 - Ubuntu security notices
USN-4593-1: FreeType vulnerability
freetype vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
FreeType could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description
freetype - FreeType 2 is a font engine library
Details
Sergei Glazunov discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font f
Oct 20, 2020 - Ubuntu security notices
USN-4592-1: Linux kernel vulnerabilities
linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux-oem-osp1 - Linux kernel for OEM systems
linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V8) systems
Details
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
a
Oct 20, 2020 - Ubuntu security notices
USN-4591-1: Linux kernel vulnerabilities
linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-raspi - Linux kernel for Raspberry Pi (V8) systems
linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
linux-oem - Linux kernel for OEM systems
l
Oct 19, 2020 - Ubuntu security notices
USN-4590-1: Collabtive vulnerability
collabtive vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Collabtive could be made to run programs if it received
specially crafted network traffic from an authenticated user.
Software Description
collabtive - Web-based project management software
Details
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive
Oct 16, 2020 - Ubuntu security notices
USN-4585-1: Newsbeuter vulnerabilities
newsbeuter vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.
Software Description
newsbeuter - open-source RSS/Atom feed reader for text terminals
Details
It was discovered that Newsbeuter didn’t handle command line input
properly. A remote attacker could use it to run remote code by crafting
a special input file. (C
Oct 15, 2020 - Ubuntu security notices
USN-4584-1: HtmlUnit vulnerability
htmlunit vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
HtmlUnit could be made to crash or run programs as an administrator
if it opened a specially crafted file.
Software Description
htmlunit - headless web browser written in Java
Details
It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An
attacker could possibly use this issue to execute arbitrary Java code.
Update instructions
The problem can b
Oct 15, 2020 - Ubuntu security notices
USN-4589-2: Docker vulnerability
docker.io vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Docker could be made to expose sensitive information over the
network.
Software Description
docker.io - Linux container runtime
Details
USN-4589-1 fixed a vulnerability in containerd. This update provides
the corresponding update for docker.io.
Original advisory details:
It was discovered that containerd could be made to expose
Oct 15, 2020 - Ubuntu security notices
USN-4589-1: containerd vulnerability
containerd vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
containerd could be made to expose sensitive information over the
network.
Software Description
containerd - daemon to control containers
Details
It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user’s registry
Oct 14, 2020 - Ubuntu security notices
USN-4583-1: PHP vulnerabilities
php5, php7.0, php7.2, php7.4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM
Summary
Several security issues were fixed in PHP.
Software Description
php7.4 - server-side, HTML-embedded scripting language (metapackage)
php7.2 - HTML-embedded scripting language interpreter
php7.0 - HTML-embedded scripting language interpreter
php5 - HTML-embedded scripting language
Oct 14, 2020 - Ubuntu security notices
USN-4582-1: Vim vulnerabilities
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Vim.
Software Description
vim - Vi IMproved - enhanced vi editor
Details
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087)
It was discovered that V
Oct 14, 2020 - Ubuntu security notices
USN-4581-1: Python vulnerability
python2.7, python3.4, python3.5, python3.6 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM
Summary
Python could be used to perform a CRLF injection if it received a specially crafted request.
Software Description
python2.7 - An interactive high-level object-oriented language
python3.6 - An interactive high-level object-oriented language
python3.5 - An interactive high-level object-
Oct 14, 2020 - Ubuntu security notices
LSN-0072-1: Kernel Live Patch Security Notice
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-oem - Linux kernel fo
Oct 14, 2020 - Ubuntu security notices
USN-4577-1: Linux kernel vulnerabilities
linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux-gke-5.0 - Linux kernel for Google Container Engine (GKE) systems
linux-gke-5.3 - Linux kernel for Google Container Engine (GKE) systems
linux-hwe - Linux hardware enablement (HWE) kernel
linux-oem-osp1 - Linux kernel for
Oct 14, 2020 - Ubuntu security notices
USN-4580-1: Linux kernel vulnerability
linux, linux-lts-trusty vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM
Summary
The system could be made to crash or possibly run programs as an
administrator.
Software Description
linux - Linux kernel
linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise ESM
Details
Hador Manor discovered that the DCCP protocol implementation in the Linux
kernel improperly handled socket reuse, leading to
Oct 14, 2020 - Ubuntu security notices
USN-4579-1: Linux kernel vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-kvm - Linux kernel for cloud environments
linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
linux-snapdrago
Oct 14, 2020 - Ubuntu security notices
USN-4578-1: Linux kernel vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) syste
Oct 14, 2020 - Ubuntu security notices
USN-4576-1: Linux kernel vulnerabilities
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux ker
Oct 14, 2020 - Ubuntu security notices
USN-4575-1: dom4j vulnerability
dom4j vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
dom4j could be made to expose sensitive information or run programs if it
received specially crafted input.
Software Description
dom4j - Flexible XML framework for Java
Details
It was discovered that dom4j incorrectly handled reading XML data. A
remote attacker could exploit this with a crafted XML file to expose
sensitive data or possibly execute arbitrary code. (CVE
Oct 07, 2020 - Ubuntu security notices
USN-4574-1: libseccomp-golang vulnerability
golang-github-seccomp-libseccomp-golang vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
A system hardening measure could be bypassed.
Software Description
golang-github-seccomp-libseccomp-golang - a Go-based interface to the libseccomp library
Details
It was discovered that libseccomp-golang did not properly generate BPFs. If
a process were running under a restrictive seccomp filter that specified
multiple syscall argume
Oct 07, 2020 - Ubuntu security notices
USN-4572-2: Spice vulnerability
spice vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description
spice - SPICE protocol client and server library
Details
USN-4572-1 fixed a vulnerability in Spice. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Frediano Ziglio discovered that Spice incorrectly handled
Oct 07, 2020 - Ubuntu security notices
USN-4573-1: Vino vulnerabilities
vino vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Vino.
Software Description
vino - VNC server for GNOME
Details
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText
messages. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2014-6053)
It was discovered that Vino in
Oct 06, 2020 - Ubuntu security notices
USN-4572-1: Spice vulnerability
spice vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description
spice - SPICE protocol client and server library
Details
Frediano Ziglio discovered that Spice incorrectly handled QUIC image
decoding. A remote attacker could use this to cause Spice to crash,
resulting in a denial of s
Oct 05, 2020 - Ubuntu security notices
USN-4571-1: rack-cors vulnerability
ruby-rack-cors vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
rack-cors would allow unintended access to files over the network.
Software Description
ruby-rack-cors - provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications
Details
It was discovered that rack-cors did not properly handle relative file
paths. An attacker could use this vulnerability to access arbitrary files.
Update
Oct 05, 2020 - Ubuntu security notices
USN-4564-1: Apache Tika vulnerabilities
tika vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Apache Tika could be made to crash if it opened a specially crafted
file.
Software Description
tika - A content analysis toolkit
Details
It was discovered that Apache Tika could use excessive memory when
processing a crafted or corrupt PSD file. An attacker could use this to cause a
denial of service (crash). (CVE-2020-1950, CVE-2020-1951)
Update instructions
The pr
Oct 05, 2020 - Ubuntu security notices
USN-4570-1: urllib3 vulnerability
python-urllib3 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
urllib3 could be used to perform a CRLF injection if it received a
specially crafted request.
Software Description
python-urllib3 - HTTP library with thread-safe connection pooling
Details
It was discovered that urllib3 incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform
Oct 05, 2020 - Ubuntu security notices
USN-4569-1: Yaws vulnerabilities
yaws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in Yaws.
Software Description
yaws - High performance HTTP 1.1 webserver written in Erlang
Details
It was discovered that Yaws did not properly sanitize XML input. A remote
attacker could use this vulnerability to execute an XML External Entity
(XXE) injection attack. (CVE-2020-24379)
It was discovered that Yaws mishandled certain
Oct 01, 2020 - Ubuntu security notices
USN-4563-1: NTP vulnerability
ntp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
NTP could be made to crash.
Software Description
ntp - Network Time Protocol daemon and utility programs
Details
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
Update instructions
The problem can be corrected by updating your system to the f
Sep 30, 2020 - Ubuntu security notices
USN-4562-1: kramdown vulnerability
ruby-kramdown vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
kramdown could be made to crash, run programs, or leak sensitive information if
it opened a specially crafted file.
Software Description
ruby-kramdown - Fast, pure-Ruby Markdown-superset converter - ruby library
Details
It was discovered that kramdown insecurely handled certain crafted input.
An attacker could use this vulnerability to read restricted files or
Sep 30, 2020 - Ubuntu security notices
USN-4561-1: Rack vulnerabilities
ruby-rack vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Rack could be made to expose sensitive information over the network.
Software Description
ruby-rack - modular Ruby webserver interface
Details
It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-8161)
It was discovered that Rack incorrectly validated cookies. An atta
Sep 30, 2020 - Ubuntu security notices
USN-4560-1: Gon gem vulnerability
ruby-gon vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Gon gem could be made to run programs if it received specially crafted network
traffic.
Software Description
ruby-gon - Ruby library to send data to JavaScript from a Ruby application
Details
It was discovered that Gon gem did not properly escape certain input. An
attacker could use this vulnerability to execute a cross-site scripting
(XSS) attack.
Update instruct
Sep 30, 2020 - Ubuntu security notices
USN-4559-1: Samba update
samba update
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security improvements were added to Samba.
Software Description
samba - SMB/CIFS file, print, and login server for Unix
Details
Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the cr
Sep 30, 2020 - Ubuntu security notices
USN-4558-1: libapreq2 vulnerabilities
libapreq2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
libapreq2 could be made to crash if it received specially crafted network
traffic.
Software Description
libapreq2 - a safe, standards-compliant, high-performance library used for parsing HTTP cookies, query-strings and POST data
Details
It was discovered that libapreq2 did not properly sanitize the Content-Type
field in certain, crafted HTTP requests. An attacke
Sep 30, 2020 - Ubuntu security notices
USN-4557-1: Tomcat vulnerabilities
tomcat6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Tomcat.
Software Description
tomcat6 - Servlet and JSP engine
Details
It was discovered that the Tomcat realm implementations incorrectly handled
passwords when a username didn’t exist. A remote attacker could possibly
use this issue to enumerate usernames. (CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered th
Sep 29, 2020 - Ubuntu security notices
USN-4556-1: netqmail vulnerabilities
netqmail vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
netqmail could be made to crash or run programs as any user (except root) if it
received specially crafted network traffic.
Software Description
netqmail - a secure, reliable, efficient, simple message transfer agent
Details
It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause
Sep 28, 2020 - Ubuntu security notices
USN-4547-2: SSVNC vulnerabilities
ssvnc vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in SSVNC.
Software Description
ssvnc - Enhanced TightVNC viewer with SSL/SSH tunnel helper
Details
It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled
certain packet lengths. A remote attacker could possibly use this issue to
obtain sensitive information, cause a denial of service, or execute arbitrary
cod
Sep 28, 2020 - Ubuntu security notices
USN-4554-1: libPGF vulnerability
libpgf vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
libPGF could be made to crash if it opened a specially crafted
file.
Software Description
libpgf - Progressive Graphics File (PGF) library
Details
It was discovered that libPGF lacked proper validation when opening a
specially crafted PGF file. An attacker could possibly use this issue to
cause a denial of service.
Update instructions
The problem can be corrected b
Sep 28, 2020 - Ubuntu security notices
USN-4552-1: Pam-python vulnerability
pam-python vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Pam-python could be made to crash or run programs as an administrator
if certain environment variables are set.
Software Description
pam-python - Enables PAM modules to be written in Python
Details
Malte Kraus discovered that Pam-python mishandled certain environment variables.
A local attacker could potentially use this vulnerability to execute programs
as root.
Sep 28, 2020 - Ubuntu security notices
USN-4553-1: Teeworlds vulnerability
teeworlds vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
Teeworlds could be made to crash if it received specially crafted network
traffic.
Software Description
teeworlds - online multi-player platform 2D shooter
Details
It was discovered that the Teeworlds server did not properly handle certain
network traffic. A remote, unauthenticated attacker could use this
vulnerability to cause the Teeworlds server to crash.
Update inst
Sep 28, 2020 - Ubuntu security notices
USN-4547-1: iTALC vulnerabilities
italc vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in iTALC.
Software Description
italc - didact tool which allows teachers to view and control computer labs
Details
It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive informati
Sep 28, 2020 - Ubuntu security notices
USN-4549-1: ImageMagick vulnerabilities
imagemagick vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
ImageMagick could be made to crash if it opened a specially crafted
file.
Software Description
imagemagick - Image manipulation programs and library
Details
It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacke
Sep 28, 2020 - Ubuntu security notices
USN-4548-1: libuv vulnerability
libuv1 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
libuv could be made to crash or execute arbitrary code if it received a specially
crafted path.
Software Description
libuv1 - asynchronous event notification library - runtime library
Details
It was discovered that libuv incorrectly handled certain paths.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
Update instructions
The p
Sep 28, 2020 - Ubuntu security notices
USN-3968-3: Sudo vulnerabilities
sudo vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in Sudo.
Software Description
sudo - Provide limited super user privileges to specific users
Details
USN-3968-1 fixed several vulnerabilities in Sudo. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Florian Weimer discovered that Sudo incorrectly handled the noexec
restriction when u
Sep 28, 2020 - Ubuntu security notices
USN-4546-1: Firefox vulnerabilities
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description
firefox - Mozilla Open Source web browser
Details
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to
Sep 25, 2020 - Ubuntu security notices
USN-4545-1: libquicktime vulnerabilities
libquicktime vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in libquicktime.
Software Description
libquicktime - Library for reading and writing quicktime files
Details
It was discovered that libquicktime incorrectly handled certain malformed
MP4 files. If a user were tricked into opening a specially crafted MP4
file, a remote attacker could use this issue to cause a denial of servic
Sep 25, 2020 - Ubuntu security notices
USN-4541-1: Gnuplot vulnerabilities
gnuplot vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Gnuplot.
Software Description
gnuplot - Command-line driven interactive plotting program
Details
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars
discovered that Gnuplot did not properly validate string sizes in the
df_generate_ascii_array_entry function. An attacker could possibly use
this issue to cause a he
Sep 25, 2020 - Ubuntu security notices
USN-4543-1: Sanitize vulnerability
ruby-sanitize vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
Sanitize could be made to perform XSS attacks if it received specially
crafted input.
Software Description
ruby-sanitize - allowlist-based HTML and CSS sanitizer
Details
Michał Bentkowski discovered that Sanitize did not properly sanitize some
math or svg HTML under certain circumstances. A remote attacker could
potentially exploit this to conduct cross-site s
Sep 25, 2020 - Ubuntu security notices
USN-4542-1: MiniUPnPd vulnerabilities
miniupnpd vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in MiniUPnPd.
Software Description
miniupnpd - UPnP and NAT-PMP daemon for gateway routers
Details
It was discovered that MiniUPnPd did not properly validate callback
addresses. A remote attacker could possibly use this issue to expose
sensitive information. (CVE-2019-12107)
It was discovered that MiniUPnPd incorrectly handled
Sep 24, 2020 - Ubuntu security notices
USN-4540-1: atftpd vulnerabilities
atftp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in atftpd.
Software Description
atftp - Advanced TFTP Server and Client
Details
Denis Andzakovic discovered that atftpd incorrectly handled certain
malformed packets. A remote attacker could send a specially crafted packet
to cause atftpd to crash, resulting in a denial of service.
(CVE-2019-11365)
Denis Andzakovic discovered that
Sep 24, 2020 - Ubuntu security notices
USN-4539-1: AWL vulnerability
awl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
DAViCal Andrew’s Web Libraries could be made to run programs as your login
if it received specially crafted input.
Software Description
awl - PHP Utility Libraries
Details
Andrew Bartlett discovered that DAViCal Andrew’s Web Libraries (AWL) did
not properly manage session keys. An attacker could possibly use this
issue to impersonate a session. (CVE-2020-117
Sep 24, 2020 - Ubuntu security notices
USN-4536-1: SPIP vulnerabilities
spip vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in SPIP.
Software Description
spip - website engine for publishing
Details
Youssouf Boulouiz discovered that SPIP incorrectly handled login error
messages. A remote attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2019-16392)
Gilles Vincent discovered that SPIP incorrectly handled password
Sep 24, 2020 - Ubuntu security notices
USN-4538-1: PackageKit vulnerabilities
packagekit vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in PackageKit.
Software Description
packagekit - Provides a package management service
Details
Vaisha Bernard discovered that PackageKit incorrectly handled certain
methods. A local attacker could use this issue to learn the MIME type of
any file on the system. (CVE-2020-16121)
Sami Niemimäki
Sep 24, 2020 - Ubuntu security notices
USN-4537-1: Aptdaemon vulnerability
aptdaemon vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Aptdaemon could be made to expose sensitive information.
Software Description
aptdaemon - transaction based package management service
Details
Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale
property. A local attacker could use this issue to test for the presence of
local files.
Update instructions
The pr
Sep 23, 2020 - Ubuntu security notices
USN-4535-1: RDFLib vulnerability
rdflib vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
RDFLib could be made to execute arbitrary code if it were running
in a directory with a specially crafted file.
Software Description
rdflib - Pure Python package for working with RDF
Details
Gabriel Corona discovered that RDFLib did not properly load modules on the
command-line. An attacker could possibly use this issue to cause RDFLib to
execute arbitrary co
Sep 23, 2020 - Ubuntu security notices
USN-4534-1: Perl DBI module vulnerability
libdbi-perl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM
Summary
Perl DBI module could be made to crash or expose sensitive information if it
received a specially crafted input.
Software Description
libdbi-perl - Perl Database Interface (DBI)
Details
It was discovered that Perl DBI module incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a
Sep 22, 2020 - Ubuntu security notices
USN-4533-1: LTSP Display Manager vulnerabilities
ldm vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
LTSP Display Manager could be made to escalate user privileges.
Software Description
ldm - LTSP display manager
Details
Veeti Veteläinen discovered that the LTSP Display Manager (ldm)
incorrectly handled user logins from unsupported shells. A local attacker
could possibly use this issue to gain root privileges. (CVE-2019-20373)
Update instructions
The problem can be
Sep 22, 2020 - Ubuntu security notices
USN-4532-1: Netty vulnerabilities
netty-3.9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in Netty.
Software Description
netty-3.9 - Asynchronous event-driven network application framework
Details
It was discovered that Netty incorrectly handled certain HTTP headers.
By sending an HTTP header with whitespace before the colon, a remote
attacker could possibly use this issue to perform an HTTP request
smuggling attack
Sep 22, 2020 - Ubuntu security notices
USN-4530-1: Debian-LAN vulnerabilities
debian-lan-config vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Debian-LAN could be made to change Kerberos user passwords or run programs
as an administrator.
Software Description
debian-lan-config - FAI config space for the Debian-LAN system
Details
Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs
for the Kerberos admin server. A local attacker could possibly use this
issue to change the pas
Sep 22, 2020 - Ubuntu security notices
USN-4531-1: BusyBox vulnerability
busybox vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Summary
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software Description
busybox - Tiny utilities for small and embedded systems
Details
It was discovered that the BusyBox wget applet incorrectly validated SSL
certificates. A remote attacker could possibly use this issue to intercept
secure c
Sep 22, 2020 - Ubuntu security notices
USN-4529-1: FreeImage vulnerabilities
freeimage vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Several security issues were fixed in FreeImage.
Software Description
freeimage - Support library for graphics image formats
Details
It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial
Sep 22, 2020 - Ubuntu security notices
USN-4528-1: Ceph vulnerabilities
ceph vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Ceph.
Software Description
ceph - distributed storage and file system
Details
Adam Mohammed discovered that Ceph incorrectly handled certain CORS
ExposeHeader tags. A remote attacker could possibly use this issue to
perform an HTTP header injection attack. (CVE-2020-10753)
Lei Cao discovered that Ceph incorrectl
Sep 22, 2020 - Ubuntu security notices
USN-4526-1: Linux kernel vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-az
Sep 22, 2020 - Ubuntu security notices
USN-4527-1: Linux kernel vulnerabilities
linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors
linux-l
Sep 22, 2020 - Ubuntu security notices
USN-4525-1: Linux kernel vulnerabilities
linux, linux-azure, linux-gcp, linux-oracle vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
linux - Linux kernel
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-oracle - Linux kernel for Oracle Cloud systems
Details
It was discovered that the AMD Cryptographic
Sep 22, 2020 - Ubuntu security notices
USN-4524-1: TNEF vulnerabilities
tnef vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
TNEF could be made to crash or write arbitrary files to the filesystem.
Software Description
tnef - Tool to unpack MIME application/ms-tnef attachments
Details
Paul Dreik discovered that TNEF incorrectly handled filenames. If a user
were tricked into opening a specially crafted email attachment, an
attacker could possibly use this issue to write arbitrary files to th
Sep 21, 2020 - Ubuntu security notices
USN-4523-1: LibOFX vulnerability
libofx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
LibOFX could be made to crash.
Software Description
libofx - client-side implementation of Open Financial Exchange specification
Details
It was discovered that LibOFX did not properly check for errors in certain
situations, leading to a NULL pointer dereference. A remote attacker could
use this issue to cause a denial of service attack. (CVE-2019-9656)
Update instru
Sep 21, 2020 - Ubuntu security notices
USN-4522-1: noVNC vulnerability
novnc vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
noVNC could be made to execute arbitrary code.
Software Description
novnc - HTML5 VNC client - daemon and programs
Details
It was discovered that noVNC did not properly manage certain messages,
resulting in the remote VNC server injecting arbitrary HTML into the
noVNC web page. An attacker could use this issue to conduct cross-site
scripting (XSS) attacks. (CVE-2017-1
Sep 21, 2020 - Ubuntu security notices
USN-4521-1: pam_tacplus vulnerability
libpam-tacplus vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
pam_tacplus could be made to expose sensitive information.
Software Description
libpam-tacplus - PAM module for using TACACS+ as an authentication service
Details
It was discovered that pam_tacplus did not properly manage shared secrets
if DEBUG loglevel and journald are used. A remote attacker could use this
issue to expose
Sep 18, 2020 - Ubuntu security notices
USN-4520-1: Exim SpamAssassin vulnerability
sa-exim vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Exim SpamAssassin could be made to execute arbitrary code if it received
crafted .cf files/rules.
Software Description
sa-exim - SpamAssassin filter for Exim
Details
It was discovered that Exim SpamAssassin does not properly handle
configuration strings. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2019-19920)
Update instructions
The
Sep 18, 2020 - Ubuntu security notices
USN-4519-1: PulseAudio vulnerability
pulseaudio vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
PulseAudio could be made to crash or run programs as your login if it
received specially crafted input.
Software Description
pulseaudio - PulseAudio sound server
Details
Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle memory under certain error conditions in the
Bluez 5 module. An attacker could use this is
Sep 17, 2020 - Ubuntu security notices
USN-4518-1: xawtv vulnerability
xawtv vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
xawtv could be made to expose sensitive information and escalate
user privileges if it received specially crafted input.
Software Description
xawtv - X11 program for watching TV
Details
Matthias Gerstner discovered that xawtv incorrectly handled opening files.
A local attacker could possibly use this issue to open and write to
arbitrary files and escalate privileges.
Sep 17, 2020 - Ubuntu security notices
USN-4516-1: GnuPG vulnerability
gnupg2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
GnuPG could be made to expose sensitive information.
Software Description
gnupg2 - GNU privacy guard - a free PGP replacement
Details
It was discovered that GnuPG signatures could be forged when the SHA-1
algorithm is being used. This update removes validating signatures based on
SHA-1 that were generated after 2019-01-19. In environments where this is
still required
Sep 17, 2020 - Ubuntu security notices
USN-4515-1: Pure-FTPd vulnerability
pure-ftpd vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
Pure-FTPd could be made to expose sensitive information if it received
specially crafted input.
Software Description
pure-ftpd - Secure and efficient FTP server
Details
Antonio Norales discovered that Pure-FTPd incorrectly handled directory
aliases. An attacker could possibly use this issue to access sensitive
information. (CVE-2020-9274)
Update instructions
The
Sep 17, 2020 - Ubuntu security notices
USN-4514-1: libproxy vulnerability
libproxy vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
libproxy could be made to crash if it received a specially crafted PAC file.
Software Description
libproxy - automatic proxy configuration management library
Details
It was discovered that libproxy incorrectly handled certain PAC files.
An attacker could possibly use this issue to cause a denial of service.
Update instructions
Th
Sep 17, 2020 - Ubuntu security notices
USN-4513-1: apng2gif vulnerability
apng2gif vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
apng2gif could be made to expose sensitive information if it opened a
specifically crafted APNG file.
Software Description
apng2gif - tool for converting APNG images to animated GIF format
Details
Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled
loading APNG files. An attacker could exploit this with a crafted APNG
file to access sensitive infor
Sep 17, 2020 - Ubuntu security notices
USN-4510-2: Samba vulnerability
samba vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
Samba would allow unintended access to files over the network.
Software Description
samba - SMB/CIFS file, print, and login server for Unix
Details
USN-4510-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrect
Sep 17, 2020 - Ubuntu security notices
USN-4512-1: util-linux vulnerability
util-linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
util-linux could be made to run programs when performing bash completion.
Software Description
util-linux - miscellaneous system utilities
Details
It was discovered that the umount bash completion script shipped in
util-linux incorrectly handled certain mountpoints. If a local attacker
were able to create arbitrary mountpoints, another user could be tricked
into
Sep 17, 2020 - Ubuntu security notices
USN-4511-1: QEMU vulnerability
qemu vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
QEMU could be made to crash or run programs.
Software Description
qemu - Machine emulator and virtualizer
Details
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU
incorrectly handled certain USB packets. An attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service,
Sep 17, 2020 - Ubuntu security notices
USN-4510-1: Samba vulnerability
samba vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Samba would allow unintended access to files over the network.
Software Description
samba - SMB/CIFS file, print, and login server for Unix
Details
Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the
Sep 17, 2020 - Ubuntu security notices
USN-4509-1: Perl DBI module vulnerabilities
libdbi-perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
Several security issues were fixed in Perl DBI module.
Software Description
libdbi-perl - Perl Database Interface (DBI)
Details
It was discovered that Perl DBI module incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2013-7490)
It was discovered that Perl DBI module incorrectly handled certain files.
Sep 16, 2020 - Ubuntu security notices
USN-4508-1: StoreBackup vulnerability
storebackup vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
StoreBackup could be made to stop executing or generate a race condition
if it received a lock file in the default location.
Software Description
storebackup - fancy compressing managing checksumming deduplicating hard-linkin
Details
It was discovered that StoreBackup did not properly manage lock files.
A local attacker could us
Sep 16, 2020 - Ubuntu security notices
USN-4507-1: ncmpc vulnerability
ncmpc vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
ncmpc could be made to crash if it received a long chat message.
Software Description
ncmpc - ncurses-based audio player
Details
It was discovered that ncmpc incorrectly handled long chat messages. A remote
attacker could possibly exploit this with a crafted chat message, causing ncmpc
to crash, resulting in a denial of service. (CVE-2018-9240)
Update instructions
T
Sep 16, 2020 - Ubuntu security notices
USN-4506-1: MCabber vulnerability
mcabber vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
MCabber could be made to modify the roster and intercept messages if it
received specially crafted XMPP packets.
Software Description
mcabber - small Jabber (XMPP) console client
Details
It was discovered that MCabber does not properly manage roster pushes. An
attacker could possibly use this issue to remotely perform
man-in-the-middle attacks. (CVE-2016-9928)
Upd
Sep 16, 2020 - Ubuntu security notices
USN-4505-1: PHPMailer vulnerability
libphp-phpmailer vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Summary
Attachments with specially crafted filenames could bypass filename-based
mail attachment filters.
Software Description
libphp-phpmailer - full featured email transfer class for PHP
Details
Elar Lang discovered that PHPMailer did not properly escape double quote
characters in filenames. A remote attacker could possibly exploit this
with a crafted filename to
Sep 16, 2020 - Ubuntu security notices
USN-4504-1: OpenSSL vulnerabilities
openssl, openssl1.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
Several security issues were fixed in OpenSSL.
Software Description
openssl1.0 - Secure Socket Layer (SSL) cryptographic library and tools
openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
discovered that certain Diffie-Hellman ciphersuites i