Ubuntu Secutity Notices
USN-4552-2: Pam-python vulnerability
Malte Kraus discovered that Pam-python mishandled certain environment
variables. A local attacker could potentially use this vulnerability to
execute programs as root.
USN-4596-1: Tomcat vulnerabilities
It was discovered that Tomcat did not properly manage HTTP/2 streams. An
attacker could possibly use this to cause Tomcat to consume resources,
resulting in a denial of service. (CVE-2020-11996)
It was discovered that Tomcat did not properly release the HTTP/1.1
processor after the upgrade to HTTP/2. An attacker could possibly use this
to generate an OutOfMemoryException, resulting in a denial of service.
(CVE-2020-13934)
It was discovered that Tomcat did not properly validate the payload length
in a WebSocket frame. An attacker could possibly use this to trigger an
infinite loop, resulting in a denial of service. (CVE-2020-13935)
It was discovered that Tomcat did not properly deserialize untrusted data.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484)
USN-4595-1: Grunt vulnerability
It was discovered that Grunt did not properly load yaml files. An attacker
could possibly use this to execute arbitrary code. (CVE-2020-7729)
USN-4594-1: Quassel vulnerabilities
It was discovered that Quassel incorrectly handled Qdatastream protocol. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-1000178)
It was discovered that Quassel incorrectly handled certain login requests.
A remote attacker could possibly use this issue to cause a denial of
service. (CVE-2018-1000179)
USN-4587-1: iTALC vulnerabilities
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)
It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could used these issues to cause a
denial of service or possibly execute arbitrary code. (CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,
CVE-2019-15681)
USN-4586-1: PHP ImageMagick vulnerability
It was discovered that PHP ImageMagick extension didn't check the address used
by an array. An attacker could use this issue to cause PHP ImageMagick to
crash, resulting in a denial of service.
USN-4593-1: FreeType vulnerability
Sergei Glazunov discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges.
USN-4592-1: Linux kernel vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
USN-4591-1: Linux kernel vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
USN-4588-1: FlightGear vulnerability
It was discovered that FlightGear could write arbitrary files if received a
special nasal script. A remote attacker could exploit this with a crafted
file to execute arbitrary code.
USN-4590-1: Collabtive vulnerability
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)
USN-4585-1: Newsbeuter vulnerabilities
It was discovered that Newsbeuter didn't handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)
It was discovered that Newsbeuter didn't handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)
USN-4546-2: Firefox regressions
USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, conduct cross-site
scripting (XSS) attacks, spoof the site displayed in the download dialog,
or execute arbitrary code.
USN-4584-1: HtmlUnit vulnerability
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An
Attacker could possibly use this issue to execute arbitrary Java code.
USN-4589-2: Docker vulnerability
USN-4589-1 fixed a vulnerability in containerd. This update provides
the corresponding update for docker.io.
Original advisory details:
It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user's registry credentials.
USN-4589-1: containerd vulnerability
It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user's registry credentials.
USN-4583-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain encrypt ciphers.
An attacker could possibly use this issue to decrease security or cause
incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-7069)
It was discorevered that PHP incorrectly handled certain HTTP cookies.
An attacker could possibly use this issue to forge cookie which is supposed to
be secure. (CVE-2020-7070)
USN-4582-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087)
It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. (CVE-2019-20807)
USN-4581-1: Python vulnerability
It was discovered that Python incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform
CRLF injection.
USN-4577-1: Linux kernel vulnerabilities
Hador Manor discovered that the DCCP protocol implementation in the Linux
kernel improperly handled socket reuse, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-16119)
Giuseppe Scrivano discovered that the overlay file system in the Linux
kernel did not properly perform permission checks in some situations. A
local attacker could possibly use this to bypass intended restrictions and
gain read access to restricted files. (CVE-2020-16120)