ubuntu-usn

Ubuntu security notices

No Image

USN-4435-2: ClamAV vulnerabilities

2020-07-28 KENNETH 0

USN-4435-2: ClamAV vulnerabilities USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Source: USN-4435-2: ClamAV vulnerabilities

No Image

USN-4438-1: SQLite vulnerability

2020-07-27 KENNETH 0

USN-4438-1: SQLite vulnerability It was discovered that SQLite incorrectly handled query-flattener optimization. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4438-1: SQLite vulnerability

No Image

USN-4437-1: libslirp vulnerability

2020-07-27 KENNETH 0

USN-4437-1: libslirp vulnerability Ziming Zhang and VictorV discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service. Source: USN-4437-1: libslirp vulnerability

No Image

USN-4436-1: librsvg vulnerabilities

2020-07-27 KENNETH 0

USN-4436-1: librsvg vulnerabilities It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Source: USN-4436-1: librsvg vulnerabilities

No Image

USN-4435-1: ClamAV vulnerabilities

2020-07-27 KENNETH 0

USN-4435-1: ClamAV vulnerabilities It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Source: USN-4435-1: ClamAV vulnerabilities