ubuntu-usn

USN-4434-1: LibVNCServer vulnerabilities Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, [ more… ]

USN-4433-1: OpenJDK vulnerabilities Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556) It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14562) It was discovered that OpenJDK incorrectly handled input data. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14573) Philippe Arteau discovered that OpenJDK incorrectly verified names in TLS server’s X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14577) It was discovered that OpenJDK incorrectly handled image files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14581) Markus Loewe discovered that OpenJDK incorrectly handled concurrent access in java.nio.Buffer class. An attacker could use this [ more… ]

USN-4430-2: Pillow vulnerabilities USN-4430-1 fixed vulnerabilities in Pillow. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Source: USN-4430-2: Pillow vulnerabilities

USN-4431-1: FFmpeg vulnerabilities It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see: https://usn.ubuntu.com/usn/usn-3967-1 (CVE-2018-15822, CVE-2019-11338) It was discovered that FFmpeg incorrectly handled sscanf failures. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-12730) It was discovered that FFmpeg incorrectly handled certain WEBM files. An attacker could possibly use this issue to obtain sensitive data or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-13312) It was discovered that FFmpeg incorrectly handled certain AVI files. An attacker could [ more… ]

USN-4430-1: Pillow vulnerabilities It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Source: USN-4430-1: Pillow vulnerabilities