Ubuntu Secutity Notices

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)

It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile.

USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964) It was discovered that responses received during the plaintext phase of the STARTTLS connection setup were subsequently evaluated during the encrypted session. A person in the middle could potentially exploit this to perform a response injection attack. (CVE-2020-15685)

Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.

It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that PostSRSd mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service via a long timestamp tag in an SRS address.

It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information.

Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification.

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.

Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

It was discovered that OpenJDK incorrectly handled the direct buffering of characters. An attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or cause other unspecified impact.

USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.

It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-11947) Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-15859) Alexander Bulekov discovered that QEMU incorrectly handled memory region cache. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-27821) Cheol-woo Myung discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-28916) Wenxiang Qian discovered that QEMU incorrectly handled ATAPI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-29443) It was discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20181)

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221) It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) It was discovered that OpenLDAP incorrectly handled Return Filter control handling. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36223) It was discovered that OpenLDAP incorrectly handled certain cancel operations. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227) It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36228) It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)

It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.

It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695) It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)