ubuntu-usn

Ubuntu security notices

No Image

USN-5247-1: Vim vulnerabilities

2022-01-27 KENNETH 0

USN-5247-1: Vim vulnerabilities It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. (CVE-2021-3973) It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-3974) It was discovered that vim incorrectly handled memory when opening and editing certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a [ more… ]

No Image

USN-5193-2: X.Org X Server vulnerabilities

2022-01-26 KENNETH 0

USN-5193-2: X.Org X Server vulnerabilities USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Source: USN-5193-2: X.Org X Server vulnerabilities

No Image

USN-5252-2: PolicyKit vulnerability

2022-01-26 KENNETH 0

USN-5252-2: PolicyKit vulnerability USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Source: USN-5252-2: PolicyKit vulnerability

No Image

USN-5252-1: PolicyKit vulnerability

2022-01-26 KENNETH 0

USN-5252-1: PolicyKit vulnerability It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Source: USN-5252-1: PolicyKit vulnerability

No Image

USN-5250-2: strongSwan vulnerability

2022-01-25 KENNETH 0

USN-5250-2: strongSwan vulnerability USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication. Source: USN-5250-2: strongSwan vulnerability