Ubuntu Secutity Notices

Subscribe to Ubuntu Secutity Notices hírcsatorna
Recent content on Ubuntu security notices
Frissítve: 1 óra 31 perc
2020. szeptember 16.

USN-4501-1: LuaJIT vulnerability

It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2020-15890)
2020. szeptember 15.

USN-4500-1: bsdiff vulnerabilities

It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code.
2020. szeptember 15.

USN-4498-1: Loofah vulnerability

It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. (CVE-2019-15587)
2020. szeptember 15.

USN-4499-1: MilkyTracker vulnerabilities

It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code.
2020. szeptember 15.

USN-4497-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-9112) It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. (CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389) It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-12973)
2020. szeptember 15.

USN-4496-1: Apache XML-RPC vulnerability

It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-17570)
2020. szeptember 15.

USN-4495-1: Apache Log4j vulnerability

It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. (CVE-2019-17571)
2020. szeptember 15.

USN-4494-1: GUPnP vulnerability

It was discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker could possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks.
2020. szeptember 14.

USN-4493-1: cryptsetup vulnerability

It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
2020. szeptember 9.

USN-4488-2: X.Org X Server vulnerabilities

USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14347) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14361) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14362) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14345)
2020. szeptember 9.

USN-4491-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
2020. szeptember 8.

USN-4487-2: libx11 vulnerabilities

USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14344) Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14363)
2020. szeptember 8.

USN-4490-1: X.Org X Server vulnerability

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.
2020. szeptember 8.

USN-4489-1: Linux kernel vulnerability

Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
2020. szeptember 3.

USN-4474-2: Firefox regressions

USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668)
2020. szeptember 2.

USN-4449-2: Apport vulnerabilities

USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936) Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701) Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)
2020. szeptember 2.

USN-4488-1: X.Org X Server vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14347) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14361) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14362)
2020. szeptember 2.

USN-4487-1: libx11 vulnerabilities

Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14344) Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14363)
2020. szeptember 2.

USN-4484-1: Linux kernel vulnerability

It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356)
2020. szeptember 2.

USN-4486-1: Linux kernel vulnerability

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).