Ubuntu Security Notices
USN-4641-1: libextractor vulnerabilities
It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)
It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)
It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)
It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)
It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)
It was discovered that Libextractor incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)
It was discovered that Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)
It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)
It was discovered that Libextractor incorrectly handled malformed files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)
It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)
USN-4640-1: PulseAudio vulnerability
James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.
USN-4634-2: OpenLDAP vulnerabilities
USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain malformed
inputs. A remote attacker could possibly use this issue to cause OpenLDAP
to crash, resulting in a denial of service.
USN-4637-2: Firefox vulnerabilities
USN-4637-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across origins, bypass security restrictions, conduct phishing
attacks, conduct cross-site scripting (XSS) attacks, bypass Content
Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or
execute arbitrary code.
USN-4639-1: phpMyAdmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the
phpMyAdmin Configuration Storage tables. An authenticated attacker could
use this vulnerability to cause phpMyAdmin to leak sensitive files.
(CVE-2018-19968)
It was discovered that phpMyAdmin incorrectly handled user input. An
attacker could possibly use this for an XSS attack. (CVE-2018-19970)
It was discovered that phpMyAdmin mishandled certain input. An attacker
could use this vulnerability to execute a cross-site scripting (XSS) attack
via a crafted URL. (CVE-2018-7260)
It was discovered that phpMyAdmin failed to sanitize certain input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted database name. (CVE-2019-11768)
It was discovered that phpMyAdmin incorrectly handled some requests. An
attacker could possibly use this to perform a CSRF attack. (CVE-2019-12616)
It was discovered that phpMyAdmin failed to sanitize certain input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted username. (CVE-2019-6798, CVE-2020-10804,
CVE-2020-5504)
It was discovered that phpMyAdmin would allow sensitive files to be leaked
if certain configuration options were set. An attacker could use this
vulnerability to access confidential information. (CVE-2019-6799)
It was discovered that phpMyAdmin failed to sanitize certain input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted database or table name. (CVE-2020-10802)
It was discovered that phpMyAdmin did not properly handle data from the
database when displaying it. If an attacker were to insert
specially-crafted data into certain database tables, the attacker could execute a
cross-site scripting (XSS) attack. (CVE-2020-10803)
It was discovered that phpMyAdmin was vulnerable to an XSS attack. If a
victim were to click on a crafted link, an attacker could run malicious
JavaScript on the victim's system. (CVE-2020-26934)
It was discovered that phpMyAdmin did not properly handle certain SQL
statements in the search feature. An attacker could use this vulnerability
to inject malicious SQL into a query. (CVE-2020-26935)
USN-4638-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain DNS requests.
An attacker could possibly use this issue to cause a denial of service.
USN-4637-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across origins, bypass security restrictions, conduct phishing
attacks, conduct cross-site scripting (XSS) attacks, bypass Content
Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or
execute arbitrary code.
USN-4636-1: LibVNCServer, Vino vulnerability
It was discovered that LibVNCServer incorrectly handled certain internals.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
The Vino package ships with a LibVNCServer source and all listed releases were
affected for this package.
USN-4635-1: Kerberos vulnerability
Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1.
An attacker could possibly use this issue to cause a denial of service.
USN-4634-1: OpenLDAP vulnerabilities
It was discovered that OpenLDAP incorrectly handled certain malformed
inputs. A remote attacker could possibly use this issue to cause OpenLDAP
to crash, resulting in a denial of service.
USN-4633-1: PostgreSQL vulnerabilities
Peter Eisentraut discovered that PostgreSQL incorrectly handled connection
security settings. Client applications could possibly be connecting with
certain security parameters dropped, contrary to expectations.
(CVE-2020-25694)
Etienne Stalmans discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox. An authenticated remote attacker
could possibly use this issue to execute arbitrary SQL functions as a
superuser. (CVE-2020-25695)
Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset
meta-command. A remote attacker with a compromised server could possibly
use this issue to execute arbitrary code. (CVE-2020-25696)
USN-4607-2: OpenJDK regressions
USN-4607-1 fixed vulnerabilities and added features in OpenJDK.
Unfortunately, that update introduced a regression that could cause TLS
connections with client certificate authentication to fail in some
situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that OpenJDK incorrectly handled deserializing Proxy
class objects with many interfaces. A remote attacker could possibly use
this issue to cause a denial of service (memory consumption) via a
specially crafted input. (CVE-2020-14779)
Sergey Ostanin discovered that OpenJDK incorrectly restricted
authentication mechanisms. A remote attacker could possibly use this
issue to obtain sensitive information over an unencrypted connection.
(CVE-2020-14781)
It was discovered that OpenJDK incorrectly handled untrusted certificates.
An attacker could possibly use this issue to read or write sensitive
information. (CVE-2020-14782)
Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer
overflows. An attacker could possibly use this issue to bypass certain
Java sandbox restrictions. (CVE-2020-14792)
Markus Loewe discovered that OpenJDK incorrectly checked permissions when
converting a file system path to a URI. An attacker could possibly use
this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796)
Markus Loewe discovered that OpenJDK incorrectly checked for invalid
characters when converting a URI to a path. An attacker could possibly
use this issue to read or write sensitive information. (CVE-2020-14797)
Markus Loewe discovered that OpenJDK incorrectly checked the length of
input strings. An attacker could possibly use this issue to bypass certain
Java sandbox restrictions. (CVE-2020-14798)
It was discovered that OpenJDK incorrectly handled boundary checks. An
attacker could possibly use this issue to bypass certain Java sandbox
restrictions. (CVE-2020-14803)
USN-4632-1: SLiRP vulnerabilities
It was discovered that the SLiRP networking implementation of the QEMU
emulator did not properly manage memory under certain circumstances. An
attacker could use this to cause a heap-based buffer overflow or other
out-of-bounds access, which can lead to a denial of service (application crash)
or potentially execute arbitrary code. (CVE-2020-7039)
It was discovered that the SLiRP networking implementation of the QEMU
emulator misuses snprintf return values. An attacker could use this to
cause a denial of service (application crash) or potentially execute
arbitrary code. (CVE-2020-8608)
USN-4631-1: libmaxminddb vulnerability
It was discovered that libmaxminddb incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
applications using libmaxminddb to crash, resulting in a denial of service.
USN-4171-6: Apport regression
USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression
when handling configuration files. This update fixes the problem, and also
introduces further hardening measures.
Original advisory details:
Kevin Backhouse discovered Apport would read its user-controlled settings
file as the root user. This could be used by a local attacker to possibly
crash Apport or have other unspecified consequences. (CVE-2019-11481)
Sander Bos discovered a race-condition in Apport during core dump
creation. This could be used by a local attacker to generate a crash report
for a privileged process that is readable by an unprivileged user.
(CVE-2019-11482)
Sander Bos discovered Apport mishandled crash dumps originating from
containers. This could be used by a local attacker to generate a crash
report for a privileged process that is readable by an unprivileged user.
(CVE-2019-11483)
Sander Bos discovered Apport mishandled lock-file creation. This could be
used by a local attacker to cause a denial of service against Apport.
(CVE-2019-11485)
Kevin Backhouse discovered Apport read various process-specific files with
elevated privileges during crash dump generation. This could be used
by a local attacker to generate a crash report for a privileged process
that is readable by an unprivileged user. (CVE-2019-15790)
USN-4628-2: Intel Microcode regression
USN-4628-1 provided updated Intel Processor Microcode. Unfortunately,
that update prevented certain processors in the Intel Tiger Lake family
from booting successfully. This update reverts the microcode update for
the Tiger Lake processor family.
Please note that the 'dis_ucode_ldr' kernel command line option can be
added in the boot menu to disable microcode loading for system recovery.
We apologize for the inconvenience.
Original advisory details:
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) feature of some Intel processors allowed a
side-channel attack based on power consumption measurements. A local attacker
could possibly use this to expose sensitive information. (CVE-2020-8695)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
some Intel(R) Processors did not properly remove sensitive information
before storage or transfer in some situations. A local attacker could
possibly use this to expose sensitive information. (CVE-2020-8696)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
some Intel(R) Processors did not properly isolate shared resources in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-8698)
USN-4622-2: OpenLDAP vulnerability
USN-4622-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain network
packets. A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
USN-4630-1: Raptor vulnerability
Hanno Böck discovered that Raptor incorrectly handled certain memory
operations. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
cause the application to crash, resulting in a denial of service, or
possibly execute arbitrary code.
USN-4629-1: MoinMoin vulnerabilities
Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-25074)
Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-15275)
USN-4628-1: Intel Microcode vulnerabilities
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) feature of some Intel processors allowed a
side-channel attack based on power consumption measurements. A local attacker
could possibly use this to expose sensitive information. (CVE-2020-8695)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
some Intel(R) Processors did not properly remove sensitive information
before storage or transfer in some situations. A local attacker could
possibly use this to expose sensitive information. (CVE-2020-8696)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that
some Intel(R) Processors did not properly isolate shared resources in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-8698)