Ubuntu security

Ubuntu security notices

No Image

USN-4747-2: GNU Screen vulnerability

2021-02-25 KENNETH 0

USN-4747-2: GNU Screen vulnerability USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4747-2: GNU Screen vulnerability

No Image

USN-4747-1: GNU Screen vulnerability

2021-02-24 KENNETH 0

USN-4747-1: GNU Screen vulnerability Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4747-1: GNU Screen vulnerability

No Image

USN-4746-1: xterm vulnerability

2021-02-24 KENNETH 0

USN-4746-1: xterm vulnerability Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4746-1: xterm vulnerability

No Image

USN-4698-2: Dnsmasq regression

2021-02-24 KENNETH 0

USN-4698-2: Dnsmasq regression USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory details: Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25684) Moshe Kol and Shlomi [ more… ]

No Image

USN-4745-1: OpenSSL vulnerabilities

2021-02-24 KENNETH 0

USN-4745-1: OpenSSL vulnerabilities David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2020-1971) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841) Source: USN-4745-1: OpenSSL vulnerabilities