USN-4450-1: Whoopsie vulnerabilities

2020-08-05 KENNETH 0

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-11937)

Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12135)

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-15570)

Source: USN-4450-1: Whoopsie vulnerabilities

USN-4449-1: Apport vulnerabilities

2020-08-05 KENNETH 0

Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)

Source: USN-4449-1: Apport vulnerabilities

USN-4448-1: Tomcat vulnerabilities

2020-08-05 KENNETH 0

It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. (CVE-2020-13935)

It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. (CVE-2020-1935)

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484)

Source: USN-4448-1: Tomcat vulnerabilities

USN-4447-1: libssh vulnerability

2020-08-04 KENNETH 0

It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.

Source: USN-4447-1: libssh vulnerability

USN-4298-2: SQLite vulnerabilities

2020-08-04 KENNETH 0

USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13752, CVE-2019-13753)

It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751)

It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926)

Source: USN-4298-2: SQLite vulnerabilities