Search results

  1. LinuxBot

    Ubuntu Security Update USN-5091-1: Linux kernel vulnerabilities

    Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624) It was...
  2. LinuxBot

    Ubuntu Security Update USN-5092-1: Linux kernel vulnerabilities

    Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. (CVE-2021-41073) Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier...
  3. LinuxBot

    Ubuntu Security Update USN-5090-2: Apache HTTP Server vulnerabilities

    USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly...
  4. LinuxBot

    Ubuntu Security Update USN-5090-1: Apache HTTP Server vulnerabilities

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly...
  5. LinuxBot

    Debian Security Update DSA-4978 linux - security update

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. Continue reading...
  6. LinuxBot

    Ubuntu Security Update USN-5088-1: EDK II vulnerabilities

    It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098) Paul Kehrer discovered that OpenSSL...
  7. LinuxBot

    Ubuntu Security Update USN-5089-1: ca-certificates update

    The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA. Continue reading...
  8. LinuxBot

    Ubuntu Security Update USN-5089-2: ca-certificates update

    USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes...
  9. LinuxBot

    Debian Security Update DSA-4975 webkit2gtk - security update

    The following vulnerabilities have been discovered in the webkit2gtk web engine: Continue reading...
  10. LinuxBot

    Debian Security Update DSA-4976 wpewebkit - security update

    The following vulnerabilities have been discovered in the webkit2gtk web engine: Continue reading...
  11. LinuxBot

    Ubuntu Security Update USN-5085-1: SQL parse vulnerability

    It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Continue reading...
  12. LinuxBot

    Ubuntu Security Update USN-5086-1: Linux kernel vulnerability

    Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary...
  13. LinuxBot

    Ubuntu Security Update USN-5087-1: WebKitGTK vulnerabilities

    A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
  14. LinuxBot

    Ubuntu Security Update USN-5073-3: Linux kernel (Raspberry Pi) vulnerabilities

    Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that...
  15. LinuxBot

    Ubuntu Security Update USN-5071-3: Linux kernel (Raspberry Pi) vulnerabilities

    It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...
  16. LinuxBot

    Ubuntu Security Update USN-5079-4: curl regression

    USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS...
  17. LinuxBot

    Ubuntu Security Update USN-5079-3: curl vulnerabilities

    USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote...
  18. LinuxBot

    Ubuntu Security Update USN-5084-1: LibTIFF vulnerability

    It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
  19. LinuxBot

    Debian Security Update DSA-4977 xen - security update

    Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. Continue reading...
  20. LinuxBot

    Debian Security Update DSA-4974 nextcloud-desktop - security update

    Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure. Continue reading...