ubuntu-usn

USN-4599-1: Firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Source: USN-4599-1: Firefox vulnerabilities

USN-4601-1: pip vulnerability It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. (CVE-2019-20916) Source: USN-4601-1: pip vulnerability

USN-4600-1: Netty vulnerabilities It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238) Source: USN-4600-1: Netty vulnerabilities

USN-4593-2: FreeType vulnerability USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Source: USN-4593-2: FreeType vulnerability

USN-4598-1: LibEtPan vulnerability It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953) Source: USN-4598-1: LibEtPan vulnerability