ubuntu-usn

Ubuntu security notices

No Image

USN-4942-1: Firefox vulnerability

2021-05-11 KENNETH 0

USN-4942-1: Firefox vulnerability A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. Source: USN-4942-1: Firefox vulnerability

No Image

USN-4941-1: Exiv2 vulnerabilities

2021-05-11 KENNETH 0

USN-4941-1: Exiv2 vulnerabilities It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-29457) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29458, CVE-2021-29470) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-3482) Source: USN-4941-1: Exiv2 vulnerabilities

No Image

USN-4940-1: PyYAML vulnerability

2021-05-10 KENNETH 0

USN-4940-1: PyYAML vulnerability It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code. Source: USN-4940-1: PyYAML vulnerability

No Image

USN-4939-1: WebKitGTK vulnerabilities

2021-05-10 KENNETH 0

USN-4939-1: WebKitGTK vulnerabilities A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Source: USN-4939-1: WebKitGTK vulnerabilities

No Image

USN-4936-1: Thunderbird vulnerabilities

2021-05-06 KENNETH 0

USN-4936-1: Thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978) It was discovered that Thunderbird may keep key material in memory in some circumstances. A local attacker could potentially exploit this to obtain private keys. (CVE-2021-29950) Source: USN-4936-1: Thunderbird vulnerabilities