Search results

  1. LinuxBot

    Ubuntu Security Update USN-5093-1: Vim vulnerabilities

    Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This...
  2. LinuxBot

    Ubuntu Security Update USN-5091-1: Linux kernel vulnerabilities

    Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624) It was...
  3. LinuxBot

    Ubuntu Security Update USN-5092-1: Linux kernel vulnerabilities

    Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. (CVE-2021-41073) Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier...
  4. LinuxBot

    Ubuntu Security Update USN-5090-2: Apache HTTP Server vulnerabilities

    USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly...
  5. LinuxBot

    Ubuntu Security Update USN-5090-1: Apache HTTP Server vulnerabilities

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly...
  6. LinuxBot

    Debian Security Update DSA-4978 linux - security update

    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
  7. LinuxBot

    Ubuntu Security Update USN-5088-1: EDK II vulnerabilities

    It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098) Paul Kehrer discovered that OpenSSL...
  8. LinuxBot

    Ubuntu Security Update USN-5089-1: ca-certificates update

    The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA.
  9. LinuxBot

    Ubuntu Security Update USN-5089-2: ca-certificates update

    USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes...
  10. LinuxBot

    Debian Security Update DSA-4975 webkit2gtk - security update

    The following vulnerabilities have been discovered in the webkit2gtk web engine:
  11. LinuxBot

    Debian Security Update DSA-4976 wpewebkit - security update

    The following vulnerabilities have been discovered in the webkit2gtk web engine:
  12. LinuxBot

    Ubuntu Security Update USN-5085-1: SQL parse vulnerability

    It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
  13. LinuxBot

    Ubuntu Security Update USN-5086-1: Linux kernel vulnerability

    Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary...
  14. LinuxBot

    Ubuntu Security Update USN-5087-1: WebKitGTK vulnerabilities

    A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
  15. LinuxBot

    Ubuntu Security Update USN-5073-3: Linux kernel (Raspberry Pi) vulnerabilities

    Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that...
  16. LinuxBot

    Ubuntu Security Update USN-5071-3: Linux kernel (Raspberry Pi) vulnerabilities

    It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...
  17. LinuxBot

    Ubuntu Security Update USN-5079-4: curl regression

    USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS...
  18. LinuxBot

    Ubuntu Security Update USN-5079-3: curl vulnerabilities

    USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote...
  19. LinuxBot

    Ubuntu Security Update USN-5084-1: LibTIFF vulnerability

    It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
  20. LinuxBot

    Debian Security Update DSA-4977 xen - security update

    Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.