Ubuntu security

Ubuntu security notices

No Image

USN-4575-1: dom4j vulnerability

2020-10-14 KENNETH 0

USN-4575-1: dom4j vulnerability It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683) Source: USN-4575-1: dom4j vulnerability

No Image

USN-4574-1: libseccomp-golang vulnerability

2020-10-08 KENNETH 0

USN-4574-1: libseccomp-golang vulnerability It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp. Source: USN-4574-1: libseccomp-golang vulnerability

No Image

USN-4572-2: Spice vulnerability

2020-10-07 KENNETH 0

USN-4572-2: Spice vulnerability USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4572-2: Spice vulnerability

No Image

USN-4573-1: Vino vulnerabilities

2020-10-07 KENNETH 0

USN-4573-1: Vino vulnerabilities Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053) It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-7225) Pavel Cheremushkin discovered that an information disclosure vulnerability existed in Vino when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that Vino incorrectly handled region clipping. A remote attacker could possibly use this issue to cause Vino to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that Vino incorrectly handled encodings. A remote attacker could use this issue to cause Vino [ more… ]

No Image

USN-4572-1: Spice vulnerability

2020-10-06 KENNETH 0

USN-4572-1: Spice vulnerability Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4572-1: Spice vulnerability