ubuntu-usn

USN-4336-2: GNU binutils vulnerabilities USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4336-2: GNU binutils vulnerabilities

USN-5019-1: NVIDIA graphics drivers vulnerabilities It was discovered that an assert() could be triggered in the NVIDIA graphics drivers. A local attacker could use this to cause a denial of service. (CVE-2021-1093) It was discovered that the NVIDIA graphics drivers permitted an out-of-bounds array access. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1094) It was discovered that the NVIDIA graphics drivers contained a vulnerability in the kernel mode layer where they did not properly control calls with embedded parameters in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1095) Source: USN-5019-1: NVIDIA graphics drivers vulnerabilities

USN-5018-1: Linux kernel vulnerabilities It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use [ more… ]

USN-5017-1: Linux kernel vulnerabilities It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Source: USN-5017-1: Linux kernel vulnerabilities

USN-5014-1: Linux kernel vulnerability It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Source: USN-5014-1: Linux kernel vulnerability