USN-4899-2: SpamAssassin vulnerability

2021-04-12 KENNETH 0

USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Source: USN-4899-2: SpamAssassin vulnerability

USN-4896-2: lxml vulnerability

2021-04-08 KENNETH 0

USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Source: USN-4896-2: lxml vulnerability

USN-4903-1: curl vulnerability

2021-04-08 KENNETH 0

Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Source: USN-4903-1: curl vulnerability

USN-4561-2: Rack vulnerabilities

2021-04-06 KENNETH 0

USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8161) It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184) Source: USN-4561-2: Rack vulnerabilities

USN-4902-1: Django vulnerability

2021-04-06 KENNETH 0

Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Source: USN-4902-1: Django vulnerability